Data Breach Notification Laws

To help data theft victims protect their assets and credit, nearly every state in the United States, and numerous countries around the world, have enacted some form of data breach notification law.  Generally, if an individual’s name and another form of personal identifying information (such as a driver’s license number or credit card number) may have been accessed in a data breach, timely notification is required.  In addition to notifying the potentially impacted individuals, most laws also require notification of law enforcement.   

The governmental goal of these notice requirement laws is to permit individuals to take appropriate steps to protect their credit and their assets.  For example, individuals who may have been impacted by a data breach may inform the credit bureaus of the breach, and also may monitor their credit.

Often, additional services are provided by an entity that experienced a data breach to assist potentially impacted individuals.  Call centers and hotlines sometimes are made available to answer questions and help impacted individuals communicate with credit bureaus or obtain credit monitoring or other services.  Care must be taken in structuring and staffing these response mechanisms to avoid creating further problems if, for example, call center staff are not prepared to accurately answer questions that are likely to arise. 

 
We have helped many companies comply with data breach notification requirements.  In most situations, litigation has been avoided.  Carefully crafted and executed data breach notifications may enhance customer satisfaction, but poorly executed notifications result in considerable loss of customers.  If litigation results, care in handling the data breach investigation often makes the difference between a quick win and an expensive loss.  Our experience in this area can make a meaningful difference for your company.