Alabama Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Alabama's data breach notification rules under the 2018 Act, including the 45-day deadline, AG reporting requirements, penalties, and exemptions.
9 min read
Loading...
Data Breach Laws
49 articles
Alaska Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Alaska requires breach notification without unreasonable delay. One of ~12 states with a private right of action for actual damages up to $500.
9 min read
Arizona Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Arizona requires data breach notification within 45 days under A.R.S. §§ 18-551 and 18-552. Learn who must report, what triggers notice, and penalties up to $500,000.
9 min read
Arkansas Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Arkansas data breach notification rules under the Personal Information Protection Act, including reporting timelines, AG requirements, and penalties.
8 min read
California Data Breach Notification Laws: Reporting Rules & Timelines (2026)
California requires breach notification within 30 days under SB 446. Learn who must comply, what triggers notice, CCPA damages, and AG reporting rules.
9 min read
Colorado Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Colorado requires data breach notification within 30 days. Learn who must comply, what personal information is protected, AG reporting rules, and penalties.
8 min read
Connecticut Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Connecticut requires 60-day breach notification, 24-month credit monitoring for SSN breaches, and AG reporting. Learn the rules under Conn. Gen. Stat. 36a-701b.
10 min read
Delaware Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Delaware requires data breach notification within 60 days. Learn who must comply, what data triggers reporting, AG notice rules, and encryption safe harbor.
8 min read
District of Columbia Data Breach Notification Laws: Reporting Rules & Timelines (2026)
DC requires breach notification without unreasonable delay and AG notice when 50+ residents are affected. Learn about the private right of action, 18-month identity theft protection, and penalties.
11 min read
Florida Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Florida's 30-day data breach notification deadline, penalty structure up to $500,000, AG reporting rules, and encryption safe harbor under Fla. Stat. 501.171.
9 min read
Georgia Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Georgia's data breach notification law requires notice without unreasonable delay but sets no deadline, no AG reporting, and no penalties. Full breakdown of Ga. Code 10-1-912.
9 min read
Idaho Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Idaho data breach notification rules, the 24-hour agency reporting deadline, protected data categories, encryption safe harbor, and penalties up to $25,000.
9 min read
Illinois Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Illinois data breach notification rules under 815 ILCS 530, including reporting timelines, AG notification thresholds, encryption safe harbor, and penalties.
9 min read
Indiana Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Indiana requires data breach notification within 45 days. Learn who must be notified, what personal information triggers the law, penalties up to $150,000, and the biometric data gap.
10 min read
Kansas Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Kansas requires businesses to investigate breaches and notify residents without unreasonable delay under K.S.A. 50-7a01. Learn about PI definitions, safe harbors, and penalties.
10 min read
Kentucky Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Kentucky data breach notification requirements under KRS 365.732 and government rules under KRS 61.931-934, including timing, encryption safe harbor, and penalties.
11 min read
Louisiana Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Louisiana requires data breach notification within 60 days. Learn who must report, what data is protected, AG reporting rules, and penalties under La. R.S. 51:3071.
8 min read
Maine Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Maine requires data breach notification within 30 days. Learn who must comply, what triggers notification, encryption safe harbors, and penalties under state law.
12 min read
Maryland Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Maryland requires data breach notification within 45 days. Learn about AG-first reporting, protected personal information, encryption safe harbors, and penalties.
10 min read
Massachusetts Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Learn Massachusetts data breach notification rules under Chapter 93H and 201 CMR 17.00, including WISP requirements, penalties, and credit monitoring obligations.
9 min read
Michigan Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Michigan data breach notification law requires businesses to notify residents of security breaches involving personal information. Learn timelines, penalties, and safe harbors under MCL 445.72.
11 min read
Minnesota Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Minnesota requires breach notification without unreasonable delay when names plus SSNs, driver's licenses, or financial accounts are exposed. No AG notice required.
9 min read
Mississippi Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Mississippi data breach notification law (Miss. Code 75-24-29) requires notice without unreasonable delay. No AG reporting required. Learn triggers, exemptions, and penalties.
8 min read
Missouri Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Missouri data breach notification law (Mo. Rev. Stat. 407.1500) requires prompt notice to affected residents. Learn timelines, penalties up to $150K, and AG enforcement rules.
9 min read
Montana Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Montana requires data breach notification without unreasonable delay under Mont. Code 30-14-1704. Learn who must be notified, protected data types, AG reporting rules, and penalties.
7 min read
Nebraska Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Nebraska requires data breach notification without unreasonable delay under Neb. Rev. Stat. 87-801. Learn about broad PI coverage including biometrics, AG notification, and the cybersecurity safe harbor.
8 min read
Nevada Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Nevada requires data breach notification without unreasonable delay under NRS 603A. Learn about protected data types, PCI DSS mandate, no AG notification requirement, and the encryption safe harbor.
8 min read
New Hampshire Data Breach Notification Laws: Reporting Rules & Timelines (2026)
New Hampshire requires data breach notification as quickly as possible under RSA 359-C:20. Learn about AG pre-notification, the $5,000 substitute notice threshold, CRA reporting, and penalties.
8 min read
New Jersey Data Breach Notification Laws: Reporting Rules & Timelines (2026)
New Jersey requires data breach notification within 30 days, with a unique 7-day rule for social media breaches. Learn about treble damages, AG and State Police reporting, and penalties up to $20K.
9 min read
New Mexico Data Breach Notification Laws: Reporting Rules & Timelines (2026)
New Mexico requires data breach notification within 45 days of discovery under N.M. Stat. 57-12C. Learn about biometric data coverage, AG reporting, HIPAA/GLBA exemptions, and enforcement.
8 min read
New York Data Breach Notification Laws: Reporting Rules & Timelines (2026)
New York requires data breach notification within 30 days under the SHIELD Act. Learn who must be notified, safeguard requirements, and penalties up to $250K.
11 min read
North Carolina Data Breach Notification Laws: Reporting Rules & Timelines (2026)
North Carolina requires breach notification without unreasonable delay. Violations are UDTP offenses with treble damages and a private right of action under N.C. Gen. Stat. 75-65.
9 min read
North Dakota Data Breach Notification Laws: Reporting Rules & Timelines (2026)
North Dakota requires breach notification without unreasonable delay and AG notice at 250+ affected individuals. Penalties up to $5,000 per violation under N.D. Cent. Code 51-30.
8 min read
Ohio Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Ohio requires data breach notification within 45 days. Escalating penalties reach $10,000/day. The Ohio Data Protection Act offers a cybersecurity safe harbor under ORC 1349.19.
9 min read
Oklahoma Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Oklahoma requires breach notification without unreasonable delay. SB 626 (effective Jan 2026) adds biometric data, 60-day AG deadline, and $150K penalty cap.
8 min read
Oregon Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Oregon requires data breach notification within 45 days. AG notice at 250+, CRA at 1,000+. Penalties up to $500,000 for continuing violations under ORS 646A.604.
9 min read
Pennsylvania Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Pennsylvania requires breach notification without unreasonable delay. The 2024 BPINA amendment adds AG notice at 500+, 12-month credit monitoring, and health insurance data coverage.
9 min read
Rhode Island Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Rhode Island requires data breach notification within 45 days (30 for government). Learn about the 128-bit encryption safe harbor, AG reporting at 500+, and per-record penalties.
8 min read
South Carolina Data Breach Notification Laws: Reporting Rules & Timelines (2026)
South Carolina requires data breach notification without unreasonable delay under S.C. Code 39-1-90. Learn about the private right of action, $1,000 per-resident fines, and CRA reporting at 1,000+.
8 min read
South Dakota Data Breach Notification Laws: Reporting Rules & Timelines (2026)
South Dakota requires data breach notification within 60 days. Learn about the AG reporting threshold of 250 residents, $10,000/day penalties, and protected information coverage.
8 min read
Tennessee Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Tennessee requires data breach notification within 45 days under Tenn. Code 47-18-2107. Learn about the private right of action, FIPS 140-2 encryption safe harbor, and CRA reporting at 1,000+.
8 min read
Texas Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Texas requires breach notification within 60 days to individuals and 30 days to the AG. Penalties reach $50,000 per violation under the DTPA.
10 min read
Utah Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Utah requires data breach notification without unreasonable delay. Learn about the 2024 AG/Cyber Center reporting requirement at 500+, $2,500 per-consumer penalties, and investigation obligation.
8 min read
Vermont Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Vermont requires data breach notification within 45 days plus a 14-day preliminary AG notice. Learn who must comply, protected data types, penalties, and reporting rules.
8 min read
Virginia Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Virginia requires data breach notification to the Attorney General and affected residents without unreasonable delay. Learn about the $150,000 penalty cap and private right of action for direct economic damages.
9 min read
Washington Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Washington requires data breach notification within 30 days and has one of the broadest PI definitions in the U.S. Learn reporting rules, AG notification, and private right of action.
9 min read
West Virginia Data Breach Notification Laws: Reporting Rules & Timelines (2026)
West Virginia requires data breach notification without unreasonable delay. Learn its narrow PI definition, no AG reporting requirement, encryption safe harbor, and $150K penalty cap.
7 min read
Wisconsin Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Wisconsin requires data breach notification within 45 days. Learn its PI definition covering biometric data and DNA, no AG reporting requirement, and $10,000 per violation penalty.
8 min read
Wyoming Data Breach Notification Laws: Reporting Rules & Timelines (2026)
Wyoming requires data breach notification without unreasonable delay for private sector entities. Learn its broad PI definition including biometric data, enforcement rules, and safe harbors.
8 min read