Indiana, Wisconsin and Nebraska have been added to the list of U.S. states with their own data breach laws, bringing the total number to 26. According to InfoWatch experts, any companies suffering data leaks will have their work cut out making sure they comply with all the existing laws.
Three more U.S. states – Indiana, Wisconsin and Nebraska – have adopted laws on confidential data leaks. The IT Compliance Institute reports that 26 states plus Puerto Rico now have their own data breach laws.
The laws adopted in Nebraska and Wisconsin, unlike those in many other states, also class biometric data as private and subject to protection. The Wisconsin law also requires notification of all affected consumers, even if outside the state or country.
A noteworthy aspect of the Indiana law is that it covers firms that store information about Indiana residents, even if the company is located outside the state.
It means that one leak of confidential data could result in a company facing 26 different lawsuits, with fines of $10,000 for every day that an incident is not disclosed.
“I imagine that satisfying the demands of all 26 laws in the event of a leak will not be easy. At the very least, the legal fees are going to increase the overall losses of such incidents by no less than 30%. It will result in the average cost of a leak increasing from the 2005 figure of $330,000 to around $450,000,” warns Denis Zenkin, marketing director at InfoWatch.
Source: IT Compliance Institute