Just released: How to raise venture capital in 2023


Updated 2014 Data Breach Notification Costs by State


Key Takeaways

Carl Niedbala - Founder Shield
Carl Niedbala

COO & Co-Founder

Data Breach Notification Costs

Cyber liability costs are soaring these days for all kinds of businesses (startups included).  Most people think of these “costs” as those related directly to the data breach: legal defense fees, settlements with users and 3rd party vendors, and forensic costs.

Loss attributed to data breach notification costs can go under the radar.  When user data is compromised, the company must take steps to notify users that the their personal data has been [potentially] leaked.  Seems simple enough, but the problem is that data breach notification laws differ across all 50 states.  Each state can have it’s own way of thinking about:

  • what constitutes Personally Identifiable Information (“PII”)
  • what constitutes a breach
  • when users must be notified (i.e. a “known” breach vs “reasonable belief a breach has occurred…”)
  • how notification should be made
  • safe harbor provisions that decrease liability under the statute
  • who is subject to the breach notification law (based on company operations, size, location…)

As you can see, navigating the breach notification legal landscape can get expensive pretty quickly.  A good Cyber liability insurance policy can mitigate a ton of this risk by covering data breach notification costs as well as more “traditional” data breach costs.

If you’re curious about the laws in your state, law firm Mintz Levin created a quick cheat sheet of breach notification laws by state that has been updated as recently as August 2014.  You can dive in to look at the laws in your specific state, but here are a couple big picture takeaways from the document:

  • The general definition of “PII” is as follows: “An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number, (ii) driver’s license number or state-issued ID card number, (iii) account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account and generally applies to computerized data that includes PI.
    • NOTE: California has one of the most sweeping definitions varying from the above:  “any user name or email address, in combination with a password or security question and answer that would permit access to an online account.”
  • The only states that don’t have breach notification laws are the following: Alabama, New Mexico, South Dakota.


Take some time to see where your state falls on the breach notification. If you don’t know and you have any questions, reach out! Or give us a call. If you want, you can skip the small talk and go ahead and get a quote.

Related Articles

cyber insurance pricing trends 2024
March 13 • Cyber Liability

Cyber Insurance Pricing Trends 2024

Uncertain about cyber insurance costs in 2024? Our article explores pricing trends, expert predictions on rate increases, and strategies to potentially reduce your cyber insurance premium.

cyber liability insurance premiums
March 4 • Cyber Liability

7 “Must Haves” For Cyber Liability Insurance in 2024

With cyber liability insurance premiums rising, business leaders must have the inside scoop to keep costs low. Our partners at Blacksmith InfoSec delve into those tips and tricks.

Cybersecurity Data Breaches
November 9 • Cyber Liability

Top 10 Cybersecurity Data Breaches of 2023

Today’s digital landscape is frightening for business leaders. Here’s a glimpse into some of the most cringe-worthy data breaches in 2023 — plus, how to avoid them.

Cyber Insurance Pricing Trends
July 19 • Cyber Liability

Cyber Insurance Pricing Trends 2023

After a hard-hit 2022, let’s explore the lessons learned, what currently impacts the cyber market, and cyber insurance pricing trends to expect in the future.

multi factor authentication
January 24 • Cyber Liability

Securing Your Company With Multi-Factor Authentication: A Complete Guide

Cybersecurity is a priority for most company leaders, with multi-factor authentication spearheading the endeavor. Here’s how to make it a reality in your organization.

October 6 • Cyber LiabilityRisk Management

Cybersecurity Awareness Month 2022 — Data, Data, Goose!

As the leaves turn golden and the wind blows colder, cybersecurity awareness month is upon us! Here’s what it’s all about and how your company can stay cyber-safe.