Legal Reg, Compliance, Invest. IT


For whichever U.S. state you are currently residing in, research its breach notification law. Note that some states do not label it as such, but all 50 states have some form of legislation that mandates an organization’s responsibilities when a data breach affects the state’s citizen’s private, protected information.

Some research resources to consider include your textbook, of course; the UC Library, particularly via the Nexis Uni database; the state’s governmental websites; the state bar association’s (legal profession) website; Cornell University’s legal website; etc. Describe your state’s law including at least these considerations: 

What types of organizations or individuals does it apply to? 

Is it limited to only those organizations or individuals who reside or exist in that state, or might it affect external interests? 

How does the law define or describe the information that it protects, by both name and description? 

What exemptions, if any, exist? 

What are the penalties for violating the law? 

In your opinion, is it effective? Good law? Needing updating? What other critiques or opinions do you have about it? 

Anything else that you think your classmates would benefit from.