What Do Your State’s Laws Require of Your Business Following a Data Breach? (INFOGRAPHIC)

State Cybersecurity Laws: If You Suffer a Cyber Attack, Does Your State Have Your Back? (INFOGRAPHIC)

If you fall victim to a cyber-attack in the United States, do you know that each state has different laws when it comes to a data breach?

The Definitive Guide to US State Data Breach Laws from Digital Guardian is a comprehensive report of what you can expect from all 50 states, the District of Columbia, Guam, Puerto Rico and the US Virgin Islands in the event of a cyber-attack.

State Cybersecurity Laws

Knowing the laws in each state is important because, as a digital small business owner, your customers can be in any one of the 50 states, or around the world for that matter. The guide from Digital Guardian shows you the laws enacted by the different states in March of 2018 as announced by the National Conference of State Legislatures (NCSL).

The legislation requires private or governmental organizations to notify individuals in the event of a security breach involving their personally identifiable information.

The guide shows existing notification requirements to individuals and regulators as well as the information covered in the legislation for the state and the penalties for each violation. It also has a rundown of pending legislation.

Not knowing the differences in all the states can leave you vulnerable to increased liability, thereby jeopardizing your business and personal finances.

In the report, Digital Guardian said, “Entities that conduct business in any state must be familiar with not only federal regulations, but also individual state laws that apply to any agency or entity that collects, stores, or processes data pertaining to residents in that state.”

Digital Guardian specializes in providing solutions for protecting the data of organizations. According to the company, it has the only security platform in the industry purpose-built to stop data theft. The solution it provides can be implemented in on-premises, SaaS or managed service deployments.

It has been named a Leader in the Gartner Magic Quadrant for Enterprise Data Loss Prevention in 2017 and in the Forrester Wave: Endpoint Detection and Response in 2018.

What is a Breach?

Although there are some differences as to how states define a data breach, the guide says almost all of them define it as:

The Unauthorized Acquisition of Covered Information That Compromises the Security, Integrity, or Confidentiality.


When there is a breach, how and when you get notified varies greatly. While Alabama, Maryland, Ohio and others require individuals to be notified within 45 days, South Dakota allows up to 60 days and Tennessee grants up to 90 days as needed by law enforcement.

The way the notifications are delivered also varies by state, with most of them requiring a written notice along with a telephone call and electronic notices.

You can look at the infographic below for a summary of the guide. If you want the full 108-page Definitive Guide to US State Data Breach Laws from Digital Guardian, you can download it here (PDF).

This is a worthwhile document to have as a reference tool.

Infographic by Digital Guardian

Image: Digital Guardian

Michael Guta is the Assistant Editor at Small Business Trends and currently manages its East African editorial team. Michael brings with him many years of content experience in the digital ecosystem covering a wide range of industries. He holds a B.S. in Information Communication Technology, with an emphasis in Technology Management.

3 Reactions
  1. The laws have really evolved over time and it is based on the needs of the target market.

  2. It is nice to learn about this because data security has become such a major issue for online business since Facebook’s issue.

  3. It is important to learn and incorporate this into your business and not just do it for compliance.