Summary of U.S. State Data Breach Notification Statutes
Select a state or region below to view at-a-glance info on the right, including links to our summary, the full statute, and the latest thought leadership. Use the filter tab for a visual comparison of statue provisions.
Davis Wright Tremaine's privacy and security practice group maintains this summary of the 50 state data breach notification statutes (plus the statutes for Washington, D.C., Guam, Puerto Rico, and the U.S. Virgin Islands). The summary should help answer questions about state data breach notification requirements but it is not intended to provide legal advice, which can only be given in response to inquiries regarding particular situations.
If you have questions about data breach notification requirements, please contact one of the members of our privacy and security group who counsels businesses and individuals about such requirements, including Nancy Libin and Mike Borgia. If you have questions or comments about this summary, please contact DWTBreach@dwt.com.
Please note that states may periodically amend their respective data breach notification statutes and these amendments may affect or modify any current data breach notification requirements. DWT's State Data Breach Notification Summaries will be updated as those amendments go into effect. Please refer to the last revised date on each summary page for information on when the most recent updates have been made to the individual state summaries.