Originally published in Privacy & Security Law Report - 11 PVLR 26, 06/25/2012. Copyright 2012 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com.

Since early May of this year, both Connecticut and Vermont amended their security breach notification laws to require notice to each state’s respective state attorney general (AG) of data security breaches. The Connecticut and Vermont amendments and similar amendments made by other states last year demonstrate a growing national trend in state data security legislation—state reconsideration of, and ultimately amendments to, the requirements of existing state security breach notification laws.

Background

Since California’s landmark security breach notification law went into effect July 1, 2003, nearly every state has adopted a similar law. While the last state law to be enacted went into effect only last year (Mississippi), many, if not most, states enacted a law similar to the California law within five years. Today, 46 states, as well as the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, have security breach notification laws on the books.