Recent Developments in Data Breach Notification Requirements

Currently, organizations that experience a data breach must navigate a patchwork of state breach notification statutes to identify their obligations to provide notice to regulators and affected individuals. If the breach involves certain types of information, organizations may also have notification obligations under certain federal laws and regulations. These statutes and regulations differ with respect to the types of information that must be involved in a data breach to trigger a notification requirement, the exceptions that may apply, whether government regulators or credit reporting agencies must be notified, and the timing and content of any notice to regulators or affected individuals. Additionally, companies that provide services to other business or government agencies are frequently required by contract to notify business partners in the event of a data breach.

Learning Objectives:

1. Review the current state of breach notification requirements with a focus on recent changes to the applicable law
2. Examine key distinctions between federal and state notification requirements
3. Understand the possible direction of future developments in this field