ancient antique antique map scaled

Updated 2014 Data Breach Notification Costs by State

Carl Niedbala - Founder Shield
Carl Niedbala

COO & Co-Founder

Data Breach Notification Costs

Cyber liability costs are soaring these days for all kinds of businesses (startups included).  Most people think of these “costs” as those related directly to the data breach: legal defense fees, settlements with users and 3rd party vendors, and forensic costs.

Loss attributed to data breach notification costs can go under the radar.  When user data is compromised, the company must take steps to notify users that the their personal data has been [potentially] leaked.  Seems simple enough, but the problem is that data breach notification laws differ across all 50 states.  Each state can have it’s own way of thinking about:

  • what constitutes Personally Identifiable Information (“PII”)
  • what constitutes a breach
  • when users must be notified (i.e. a “known” breach vs “reasonable belief a breach has occurred…”)
  • how notification should be made
  • safe harbor provisions that decrease liability under the statute
  • who is subject to the breach notification law (based on company operations, size, location…)

As you can see, navigating the breach notification legal landscape can get expensive pretty quickly.  A good Cyber liability insurance policy can mitigate a ton of this risk by covering data breach notification costs as well as more “traditional” data breach costs.

If you’re curious about the laws in your state, law firm Mintz Levin created a quick cheat sheet of breach notification laws by state that has been updated as recently as August 2014.  You can dive in to look at the laws in your specific state, but here are a couple big picture takeaways from the document:

  • The general definition of “PII” is as follows: “An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number, (ii) driver’s license number or state-issued ID card number, (iii) account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account and generally applies to computerized data that includes PI.
    • NOTE: California has one of the most sweeping definitions varying from the above:  “any user name or email address, in combination with a password or security question and answer that would permit access to an online account.”
  • The only states that don’t have breach notification laws are the following: Alabama, New Mexico, South Dakota.

 

Take some time to see where your state falls on the breach notification. If you don’t know and you have any questions, reach out! Or give us a call. If you want, you can skip the small talk and go ahead and get a quote.

Related Articles

multi factor authentication
January 24 • Cyber Liability

Securing Your Company With Multi-Factor Authentication: A Complete Guide

Cybersecurity is a priority for most company leaders, with multi-factor authentication spearheading the endeavor. Here’s how to make it a reality in your organization.

cybersecurity-awareness-month
October 6 • Cyber LiabilityRisk Management

Cybersecurity Awareness Month 2022 — Data, Data, Goose!

As the leaves turn golden and the wind blows colder, cybersecurity awareness month is upon us! Here’s what it’s all about and how your company can stay cyber-safe.

cyber-liability-premiums
August 29 • Cyber Liability

To Understand Cyber Liability Premiums, Let’s Talk About Hurricanes

Cyber liability insurance premiums are rising, and company leaders struggle to keep up with the increase — but why is this happening? Let’s talk about the “hurricane effect” and what to expect in the future.

ransomeware-defense
June 13 • Cyber Liability

Ransomware Defense — 5 Tips to Protect Your Business

With cyber attacks on the rise for technology and late-stage companies, it’s up to risk management teams to build fortifying ransomware defense — here’s how.