Over the years, internet use has exploded, and with it data breaches. The more personal information that gets stored online, the more susceptible that information is to bad actors who will try to access that data and use it for nefarious purposes. Regardless of how data was breached, each state sets parameters for how any company that experiences a data breach must notify affected consumers. This chart details who the state laws apply to, what constitutes personal information, the required notification to consumers in the event of a breach, and other information. The National Association of Insurance Commissioners (NAIC) has developed the Insurance Data Security Model Law in an attempt to develop standards for investigating a cybersecurity event affecting any licensee and for notifying the state insurance commissioners of it. Our chart indicates which states have adopted this model law. An explanation of the model law itself can be found here.

Note: The information collected and given below reflects our most current knowledge as of publication. If you have questions or need clarification, please contact the Consumer Protection Bureau of the particular state.