No organization wants to have to notify its customers that a data breach has occurred on its watch. Word of a data breach can not only sink customer confidence and invite litigation, but also can give the impression that the organization doesn’t value its customers’ information as much as hackers do.
But data breaches may not be as black and white as you might think.
California was the first state to enact a data breach notification law in 2002. Since that time, nearly all other states have followed suit with their own versions of law, with the exception of Alabama and North Dakota. While they differ to some degree, the foundational tenet of these state laws is: