Summary of U.S. State Data Breach Notification Statutes

Select a state or region below to view at-a-glance info on the right, including links to our summary, the full statute, and the latest thought leadership. Use the filter tab for a visual comparison of statute provisions.

Davis Wright Tremaine's privacy and security practice group maintains this summary of the 50 state data breach notification statutes (plus the statutes for Washington, D.C., Guam, Puerto Rico, and the U.S. Virgin Islands). The summary should help answer questions about state data breach notification requirements but it is not intended to provide legal advice, which can only be given in response to inquiries regarding particular situations.

If you have questions about data breach notification requirements, please contact one of the members of our privacy and security group who counsels businesses and individuals about such requirements, including Nancy Libin and Mike Borgia. If you have questions or comments about this summary, please contact DWTBreach@dwt.com.

View a complete collection of DWT's State Data Breach Notification Summaries in PDF format.

Please note that states may periodically amend their respective data breach notification statutes and these amendments may affect or modify any current data breach notification requirements. DWT's State Data Breach Notification Summaries will be updated as those amendments go into effect. Please refer to the last revised date on each summary page for information on when the most recent updates have been made to the individual state summaries.