The USA Has More Breach Notification Laws than Baskin Robbins Has Ice Cream Flavors, Now What?

Written by: Carolyn Crandall, CMO & Chief Deception Officer – Since the original breach notification law enacted in California in 2002, each of the 50 states and District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have all enacted breach notification laws that require organizations or government entities to notify individuals of a security breaches that involve personally identifiable information. U.S. organizations that have suffered a breach currently face a regulatory web that is near impossible to navigate and if a company’s products or services reach into the EU, they must also comply with GDPR for the relevant segment of their user base.