CSO magazine has posted an illustration to show US states that still do not have breach notification requirements:
- South Dakota
- Alaska
- New Mexico
- Iowa
- Missouri
- Kentucky
- West Virginia
- Virgina
- South Carolina
- Alabama
- Mississippi
Any guesses why these sates chose not to pass notification laws? Economics? Politics? Washington D.C. has the footnote “Pending Federal Legislation”. Wouldn’t that be true for all states?
This reminds me of a VP I used to work for who swore up and down that breach notification laws were horrible things that would immediately turn into swarms of “ambulance-chasing lawyers” trying to pick on the weak and vulnerable companies who had to disclose a breach. I guess he was wrong.