RESOURCES

Data Breach Requirements

There are both State and Federal regulatory schemes that deal with data breaches and notification of those whose personally identifiable information may have been compromised. We are able to provide the resources that allow the identification of the individuals who need to be notified of a breach. We generally perform these services in conjunction with forensic experts who obtain the data that needs to be reviewed, cyber security experts and lawyers who specialize in data breach matters.

The sources of federal law that most frequently come into play are in the medical information area, HIPPA regulations (45 CFR Parts 160 and 164) and in the financial services area, the Gramm-Leach-Bliley Act (15 USC Sec 6801 et. seq.) and the regulations issued thereunder.

Notification of a breach is required pursuant to HIPPA without unreasonable delay and in no case later than 60 days following the discovery of a breach. https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Notification of a breach is required pursuant to the Gramm-Leach-Bliley Act to “the affected customer as soon as possible.”

Each state has its own regulatory scheme that must be followed in conjunction with breaches of the data of its citizens. It is wise to read the statutes together and comply with the most aggressive timeline of notification. Click on the State you are interested in and you will find a link to the State Law provisions regarding data breach.

newusa ( copy)

http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.

https://statutes.capitol.texas.gov/Docs/BC/htm/BC.521.htm#521.001

http://legislature.maine.gov/legis/statutes/10/title10sec1346.html

https://codes.findlaw.com/ak/title-45-trade-and-commerce/ak-st-sect-45-48-010.html

https://codes.findlaw.com/al/title-8-commercial-law-and-consumer-protection/al-code-sect-8-38-1.html

https://www.azleg.gov/viewdocument/?docName=https://www.azleg.gov/ars/18/00551.htm

https://codes.findlaw.com/ar/title-4-business-and-commercial-law/ar-code-sect-4-110-101.html

https://codes.findlaw.com/co/title-6-consumer-and-commercial-affairs/co-rev-st-sect-6-1-716.html

https://www.cga.ct.gov/current/pub/chap_669.htm#sec_36a-701b

https://delcode.delaware.gov/title6/c012b/index.shtml

https://codes.findlaw.com/fl/title-xxxiii-regulation-of-trade-commerce-investments-and-solicitations/fl-st-sect-501-171.html

https://codes.findlaw.com/ga/title-10-commerce-and-trade/ga-code-sect-10-1-910.html

https://codes.findlaw.com/hi/division-2-business/hi-rev-st-sect-487n-1.html

https://legislature.idaho.gov/statutesrules/idstat/title28/t28ch51/

https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapterID=67

http://iga.in.gov/legislative/laws/2018/ic/titles/024#24-4.9

https://www.legis.iowa.gov/docs/code/2016/715C.pdf

https://codes.findlaw.com/ks/chapter-50-unfair-trade-and-consumer-protection/ks-st-sect-50-7a01.html

https://apps.legislature.ky.gov/law/statutes/statute.aspx?id=34842

http://www.legis.la.gov/Legis/Law.aspx?d=322027

http://mgaleg.maryland.gov/2019RS/Statute_Web/gcl/14-3501.pdf

https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXV/Chapter93H

http://www.legislature.mi.gov/(S(hmhxfd40dtzefbz2ywzputkx))/mileg.aspx?page=getObject&objectName=mcl-Act-452-of-2004

https://www.revisor.mn.gov/statutes/cite/325E.61

https://codes.findlaw.com/ms/title-75-regulation-of-trade-commerce-and-investments/ms-code-sect-75-24-1.html

https://revisor.mo.gov/main/OneSection.aspx?section=407.1500&bid=23329

https://leg.mt.gov/bills/mca/title_0300/chapter_0140/part_0170/sections_index.html

https://nebraskalegislature.gov/laws/statutes.php?statute=87-801

https://www.leg.state.nv.us/NRS/NRS-603A.html

http://www.gencourt.state.nh.us/rsa/html/XXXI/359-C/359-C-mrg.htm

https://codes.findlaw.com/nj/title-56-trade-names-trademarks-and-unfair-trade-practices/nj-st-sect-56-8-160.html

https://codes.findlaw.com/nm/chapter-57-trade-practices-and-regulations/nm-st-sect-57-12c-1.html

https://www.nysenate.gov/legislation/laws/GBS/A39-F

https://ncleg.net/EnactedLegislation/Statutes/HTML/ByArticle/Chapter_75/Article_2A.html

https://www.legis.nd.gov/cencode/t51c30.html

http://codes.ohio.gov/orc/1349.19v1

https://law.justia.com/codes/oklahoma/2016/title-24/section-24-161/

https://www.oregonlaws.org/ors/646A.600

https://codes.findlaw.com/pa/title-73-ps-trade-and-commerce/pa-st-sect-73-2301.html

https://codes.findlaw.com/ri/title-11-criminal-offenses/ri-gen-laws-sect-11-49-3-1.html

https://www.scstatehouse.gov/code/t39c001.php

https://sdlegislature.gov/#/Statutes/Codified_Laws/2047710

https://advance.lexis.com/documentpage/?pdmfid=1000516&crid=0ed9fd81-82ed-41fb-9e29-90becb5977b4&nodeid=ABVAAUAAVAAB&nodepath=%2FROOT%2FABV%2FABVAAU%2FABVAAUAAV%2FABVAAUAAVAAB&level=4&haschildren=&populated=false&title=47-18-2101.+Short+title.&config=025054JABlOTJjNmIyNi0wYjI0LTRjZGEtYWE5ZC0zNGFhOWNhMjFlNDgKAFBvZENhdGFsb2cDFQ14bX2GfyBTaI9WcPX5&pddocfullpath=%2Fshared%2Fdocument%2Fstatutes-legislation%2Furn%3AcontentItem%3A4X8K-XB40-R03J-K1JY-00008-00&ecomp=c38_kkk&prid=39730d7a-a297-4cee-910e-b6c6734b332d

https://le.utah.gov/xcode/Title13/Chapter44/13-44-P2.html

https://legislature.vermont.gov/statutes/fullchapter/09/062

https://law.lis.virginia.gov/vacodefull/title18.2/chapter6/article5/

https://apps.leg.wa.gov/RCW/default.aspx?cite=19.255

http://www.wvlegislature.gov/WVCODE/code.cfm?chap=46A&art=2A#01

https://docs.legis.wisconsin.gov/statutes/statutes/134/98

https://wyoleg.gov/NXT/gateway.dll?f=templates&fn=default.htm&vid=

Wyoming Statutes Title 40. Trade and Commerce § 40-12-101 | FindLaw

State Statute Notification Requirements

Alabama

Timeline for Notification

within 45 days of the covered entity’s receipt of notice

Statute

Ala. Code § 8-38-5 (b)

Alaska

Timeline for Notification

in the most expeditious time possible and without unreasonable delay

Statute

Alaska Stat. § 45.48.010 (b)

Arizona

Timeline for Notification

within 45 days after a determination that a breach has occurred

Statute

Ariz. Rev. Stat. § 18-552 (B)

Arkansas

Timeline for Notification

in the most expedient time and manner possible and without unreasonable delay

Statute

Ark. Code § 4-110-101 (a) (2)

California

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

CA Civ Code § 1798.82 (a)

Colorado

Timeline for Notification

in the most expedient time possible and without unreasonable delay, but not later than thirty days

Statute

Colo. Rev. Stat. § 6-1-716 (2)

Connecticut

Timeline for Notification

without unreasonable delay but not later than ninety days

Statute

Conn. Gen. Stat. § 36a-701b (b)(1)

Delaware

Timeline for Notification

without unreasonable delay but not later than 60 days

Statute

Del. Code Ann. tit. 6 § 12B-102 (c)

District of Columbia

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

D.C. Code § 28-3852 (a)

Florida

Timeline for Notification

as expeditiously as practicable, but no later than 30 days

Statute

FL Stat § 501.171 (4)(a)

Georgia

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

Ga. Code § 10-1-912 (a)

Hawaii

Timeline for Notification

without unreasonable delay

Statute

Haw. Rev. Stat § 487N-2 (a)

Idaho

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

Idaho Code § 28-51-105 (1)

Illinois

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

815 ILCS 530/10 (a)

Indiana

Timeline for Notification

without unreasonable delay

Statute

Ind. Code § 24-4.9-3-3 (a)

Iowa

Timeline for Notification

in the most expeditious manner possible and without unreasonable delay

Statute

IA Code § 715C.2 (1)

Kansas

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

Kan. Stat. § 50-7a02 (a)

Kentucky

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

Ky. Rev. Stat. § 365.732 (2)

Louisiana

Timeline for Notification

in the most expedient time possible and without unreasonable delay, but not later than 60 days

Statute

La. Rev. Stat. § 51:3074 (E)

Maine

Timeline for Notification

as expediently as possible and without unreasonable delay

Statute

10 Me. Rev. Stat. § 1348 (1) (A)

Maryland

Timeline for Notification

as reasonably practicable, but not later than 45 days

Statute

Md. Code Com. Law § 14Đ3504 (b) (3)

Massachusetts

Timeline for Notification

as soon as practicable and without unreasonable delay

Statute

Mass. Gen. Laws 93H § 3 (a)

Michigan

Timeline for Notification

without unreasonable delay

Statute

Mich. Comp. Laws § Section 445.72 Sec 12 (4)

Minnesota

Timeline for Notification

most expedient time possible and without unreasonable dela

Statute

Minn. Stat. 325E.61 § Subd. 1 (a)

Mississippi

Timeline for Notification

without unreasonable delay

Statute

Miss. Code § 75-24-29 (3)

Missouri

Timeline for Notification

without unreasonable delay

Statute

Mo. Rev. Stat. § 407.1500 (2) (1)

Montana

Timeline for Notification

without unreasonable delay

Statute

Mont. Code V 30-14-1704 (1)

Nebraska

Timeline for Notification

as soon as possible and without unreasonable delay

Statute

Neb. Rev. Stat. § 87-803 (1)

Nevada

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

NRS_603A.220 (1)

New Hampshire

Timeline for Notification

as soon as possible

Statute

NH Rev Stat § 359-C:20 (I) (a)

New Hampshire

Timeline for Notification

promptly notify in writing

Statute

NH Rev Stat § 332-I:5

New Jersey

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

N.J. Stat. § 56:8-163 (12) (a)

New Mexico

Timeline for Notification

in the most expedient time possible, but not later than 45 days

Statute

NM Stat § 57-12C-6 (A)

New York

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

N.Y. Gen. Bus. Law § 899-aa (2)

North Carolina

Timeline for Notification

without unreasonable delay

Statute

N.C. Gen. Stat. § 75-65 (a)

North Dakota

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

N.D. Cent. Code § 51-30-02

Ohio

Timeline for Notification

in the most expedient time possible but not later than forty-five days

Statute

Ohio Rev Code § 1349.19 (B) (2)

Oklahoma

Timeline for Notification

without unreasonable delay

Statute

OK Stat § 24-163 (A)

Oregon

Timeline for Notification

most expeditious manner possible, without unreasonable delay, but not later than 45 days

Statute

Or. Rev. Stat. § § 646A.604 (1) (a)

Pennsylvania

Timeline for Notification

without unreasonable delay

Statute

73 Pa. Stat. § 2303 (a)

Rhode Island

Timeline for Notification

in the most expedient time possible but no later than forty-five (45) calendar days

Statute

R.I. Gen. Laws § 11-49.3-4 (a) (2)

South Carolina

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

S.C. Code Ann. § 39-1-90 (A)

South Dakota

Timeline for Notification

not later than sixty days

Statute

SDCL § 22-40-20

Tennessee

Timeline for Notification

no later than forty-five (45) days

Statute

Tenn. Code Ann. § 47-18-2107 (d)

Texas

Timeline for Notification

without unreasonable delay and not later than the 60th day

Statute

Tex. Bus. & Com. Code § Sec. 521.053 (b)

Utah

Timeline for Notification

in the most expedient time possible without unreasonable delay

Statute

Utah Code § 13-44-202 (2)

Vermont

Timeline for Notification

in the most expedient time possible and without unreasonable delay, but not later than 45 days

Statute

9 V.S.A. § 2435 (b) (1)

Virginia

Timeline for Notification

without unreasonable delay

Statute

Va. Code § 18.2-186.6 (B)

Virginia

Timeline for Notification

without unreasonable delay

Statute

Va. Code § 32.1-127.1:05 (B)

Washington

Timeline for Notification

immediately following discovery

Statute

Wash. Rev. Code § 19.255.010 (2)

West Virginia

Timeline for Notification

without unreasonable delay

Statute

W.V. Code § 46A-2A-102 (a)

Wisconsin

Timeline for Notification

within a reasonable time, not to exceed 45 days

Statute

Wis. Stat. § 134.98(3)(a)

Wyoming

Timeline for Notification

in the most expedient time possible and without unreasonable delay

Statute

Wyo. Stat. § 40-12-502 (a)

Legal Outsourcing Resources

Ethics of Legal Outsourcing

ABA Formal Opinion 08-451 August 5, 2008 Lawyer’s Obligations When Outsourcing

ABA News Release about Ethics Committee Opinion 08-451

Tuft, Mark L. (2010) “Supervising Offshore Outsourcing of Legal Services in a Global Environment: Re-examining Current Ethical Standards,” Akron Law Review: Vol. 43 : Iss. 3 , Article 9