Different Laws For Different Places

Legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information (“PI” or “PII”) has been enacted in 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands. As of January 1, 2015, only Alabama, New Mexico and South Dakota have no laws related to data breach notification.

At the present time there is not a Federal data breach law, however, there are laws like Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Electronic Communications Privacy Act (ECPA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Omnibus Rule and others that have specific data and security compliance requirements.