South Dakota is the latest US state to introduce a law specifying that any organisation which suffers a data breach must notify all affected parties. Forty-nine states are now signed up to this legislation – which covers personal details, financial data, health information, social security numbers, driving licences and biometric data. However, it will only apply if the data breach is considered to be harmful.
In response to the 2017 Equifax breach, Oregon has updated its data breach laws; allowing the initiation of immediate credit freezes to guard victims against financial loss through identity theft.
Illinois’s Attorney General, along with thirty-two of her peers, has recently canvassed Congress to request that individual states should be allowed to continue enforcing data security and disclosure of breaches. A draft bill that gives breached companies the right to decide who they inform is currently under consideration.