As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate.
We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s law and Iowa’s law. The Mintz Matrix is available here.
Kentucky recently became the 47th state to add a data breach notification law. As we discussed in our post last Friday (here), the law also contains some provisions relating to provision of cloud computing services to K-12 (public and private).
Iowa recently added a requirement that the state’s Attorney General be provided notice in the event of a breach affecting more than 500 Iowa residents.
Now, for today’s disclaimer: This chart is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.