Trends in Changing US Data Breach Notification Laws

Stricter Regulations, Greater Complexity Will Challenge Privacy and Security in 2020

Download as a PDF

< Return to Ebooks

2020 data breach notification regulations trends

Planning for Change: Trends in Data Breach Notification Laws

As a privacy professional, you face significant challenges in complying with the multiplicity of personal data breach notification and recordkeeping requirements under U.S. state and federal laws, international data protection laws, and industry regulations—not to mention contractual obligations to business partners, vendors, processors, and controllers.

Adding to this patchwork of overlapping regulations is the reality that laws are constantly changing, and tracking them all to maintain compliance is perhaps the largest challenge of all.

Navigating the complexities of breach notification regulations is like solving a puzzle: you align information, look for patterns, and plan several steps ahead so that when all the pieces click into place you have a simple, clear picture of what the law requires.

Included in this ebook:

  • Trends in how states are regulating data breach notification requirements
  • Forecast for 2020 regulatory activities
  • What these changes mean for privacy and security teams

Download Now >

2019 Data Breach Legislative Action Included:

  1. 15 new laws or amendments that impacted breach notification obligations went into effect.
  2. More than 35 bills on our regulatory watchlist had the potential to impact breach notification obligations and gained momentum.
  3. Looking ahead, eight data breach notification laws are signed and ready to go into effect in 2020, and one in 2021.

All 50 states now have their own unique breach notification regulation with differing requirements. There is always talk of a U.S. federal law, and we need to be vigilant of that possibility.

Hot Topics in Privacy Regulations this Year:

Globally, the EU General Data Protection Regulation (GDPR) has gained a foothold since becoming effective in May 2018, with regulators issuing hefty fines. The amendment to Canada’s PIPEDA requiring mandatory breach reporting has been in force for more than a year. Notifications have skyrocketed in Australia since the Notifiable Data Breaches scheme passed almost two years ago.

Looking Ahead: Count on Continued Complexity.

As we analyze this flurry of legislative activity over the past year, one overarching trend becomes clear: the increasing stringency and growing complexity in breach notification obligations. This trend is reflected in other data privacy laws not related to breach notification guidelines, most notably the California Consumer Privacy Act (CCPA), which becomes effective on January 1, 2020.

Download the full ebook to read our break down of what these trends mean for how your privacy and security teams work today.

Fill out the form to access the full eBook