State Laws Protecting Citizen Information and Breach Notification Laws
Goals
- The ability to collaborate on federal and state breach notification laws
- Understanding state approaches to protecting security of personal information
History of State Actions to Protect Personal Information
Breach Notification Regulations
- California was the first state to have a breach notification law
  - Many states modeled their breach notification laws on it
- California Database Security Breach Notification Act (2003)
- How State Breach Notification Laws Differ
Data-Specific Security and Privacy Regulation
- Many states have created laws to protect the use of certain types of information
- Requirement to Comply with PCI Standards
- Laws Limiting SSN Use and Disclosure
- Protecting Consumer Privacy
Encryption Regulations
- Some states require entities to use encryption
- Massachusetts - Protecting Personal Information
- Nevada Law - Standards-Based Encryption
Data Disposal Regulations
- As of January 2019, at least 35 states and Puerto Rico have created data disposal laws
  - These laws make sure that personal information is properly disposed of
- Personal data must be protected throughout its life cycle
  - This includes disposing of the information in an appropriate way
- Washington - Disposal of Personal Information (2002)
- New York - Disposal of Records Containing PII