Question 12
UnclassifiedWhich statement best describes state breach-notification laws in the United States?
Correct answer: B
Explanation
State breach-notification laws generally require notice when certain personal information is compromised, but the exact triggers and deadlines differ by jurisdiction. Because each state sets its own definitions and timing rules, the laws are not uniform across the United States.
Why each option is right or wrong
A. They are identical in every state
B. They commonly require notice when specified personal information is compromised, but definitions and timing vary by state
State breach-notification statutes are enacted independently by each state, so there is no single federal definition or deadline that applies nationwide; instead, most laws are triggered when specified categories of personal information are acquired or reasonably believed to have been acquired. For example, California Civil Code § 1798.82 requires notice to affected residents in the “most expedient time possible and without unreasonable delay,” while Florida Stat. § 501.171 sets a 30-day notice deadline, showing that both the triggering data elements and timing requirements vary by jurisdiction.
C. They apply only to government databases
D. They never require regulator notice