Davis Wright Tremaine’s Privacy & Security practice group maintains this summary of the 50 state data breach notification statutes (plus the statutes for Washington, D.C., Guam, Puerto Rico, and the U.S. Virgin Islands). The summary should help answer questions about state data breach notification requirements but it is not intended to provide legal advice, which can only be given in response to inquiries regarding particular situations.
If you have questions about data breach notification requirements, please contact one of the members of our Privacy & Security group who counsels businesses and individuals about such requirements, including Nancy Libin and Michael Borgia. If you have questions or comments about this summary, please contact DWTBreach@dwt.com.
View this data in an interactive map
Please note that states may periodically amend their respective data breach notification statutes and these amendments may affect or modify any current data breach notification requirements. DWT’s State Data Breach Notification Summaries will be updated as those amendments go into effect. Please refer to the last revised date on each summary page for information on when the most recent updates have been made to the individual state summaries.