Data Breach Notification Laws: An Argument for a Comprehensive Federal Law to Protect Consumer Data


During the past four years, over 354,140,197 pieces of personal identifying information have been compromised as a result of data breaches. These breaches have imposed a huge financial burden on both companies and consumers. As a result, forty-six states have enacted legislation seeking to protect consumers by requiring companies to notify them when their personal information is compromised as the result of a data breach. This notification allows consumers to take action to protect their information from identity theft. This Note argues that existing state laws do not adequately address data security breaches and recommends comprehensive federal data breach notification legislation. Part I provides a brief history of data security breaches precipitating the enactment of data breach notification legislation and an overview of current state data breach notification laws and previously proposed federal legislation. Part II critiques current data breach legislation and outlines the need for federal legislation. Part III proposes guidelines for a federal statute.


Database security, Identity theft -- Prevention, Consumer protection -- Law & legislation, Databases -- Law & legislation, Confidential communications, Notice (Law), Personal information, Right of privacy, California. Security Breach Information Act, California



Jill Joerling (Washington University School of Law)



Publication details



All rights reserved

File Checksums (MD5)

  • pdf: e9d587cb25fa54953350de030c0be2f7