In this document CompTIA’s public advocacy team outlines its involvement and policy recommendations in regards to data breach notification laws. A majority of states have enacted data breach and notification laws, but there is no uniformity among them. Therefore, small- and medium-sized businesses (SMBs) are forced to navigate through disparate requirements to:
- Understand what type of entity is covered by the law,
- Understand under what circumstances a state notice requirement triggered,
- Determine what is an acceptable form of customer notice,
- Review state laws to understand possible exceptions to a particular notice requirement,
- Identify the correct parties to whom the notices must be provided, and
- Understand whether the state provides for a private right of action.
As you can imagine, navigating through this patchwork of laws can be expensive for the SMB IT. Read on to learn CompTIA’s position on these laws and our policy recommendations.
CompTIA Public Advocacy
At CompTIA we focus our policy priorities along three main practice areas; federal commercial policy, state government affairs and international policy. Of particular interest are those issues that accelerate the innovation cycle, build a 21st century workforce and maintain secure, open access to the Internet.
The content you requested is available to CompTIA Registered Users and CompTIA Premier Members.
Register now. It’s free!
Registration will provide you with a customized experience and give you instant access to hundreds of CompTIA research
reports, guides and tools. Anyone can create an account.
Learn more about registration