With the explosive growth of online commerce, there are more points at which unsavory characters may infiltrate a company's confidential information database concerning employees and consumers. Some data breaches have garnered national attention (insert example, think Target, or the Ashely Madison hack that exposed reality TV stars); others merely show up in an envelope with a special label. Regardless of how data was breached, each state sets parameters for how any company that experiences a data breach must notify affected consumers. This chart details who the state laws apply to, what constitutes personal information, required notification to consumers in event of a breach and other information.

Note: The information collected and given below reflects our most current knowledge as of November 15. If you have questions or need clarification, please contact the Consumer Protection Bureau of the particular state.