National Data Breach Notification Standard

National Data Breach Notification Standard

Despite bipartisan support, we still currently do not have a national data breach notification law. After a data breach, CISOs must individually report to 50 states, the Virgin Islands, Guam, Puerto Rico, and the District of Columbia. Consumers are not protected equally in all states, so it’s reasonable to challenge why so many different and varied laws exist rather than a nationally agreed upon set of data breach notification standards.

A high percentage of a CISO’s team is devoted to compliance and the day-to-day burdens of so many different state and territorial data breach notification laws. The NTSC is focused on bringing together industry and congressional leaders to develop comprehensive national data breach notification legislation that will preempt existing state legislation. National legislation will provide businesses one place to file for breach notifications while simultaneously delivering uniform protection to all consumers.


ITSP Magazine NTSC Podcast Series: Episode 4 (National Data Breach Notification Legislation) (July 20, 2020)


TAG Partners with NTSC and CSCG to Discuss Data Security & Breach Notification Act of 2020 (April 24, 2020)


The New York SHIELD Act: A Comprehensive Overview (August 20, 2019)


Executive Director Patrick Gaul Talks About Capital One and Data Breach Notification Legislation on 11Alive (August 13, 2019)


Some Thoughts Regarding the Marriott Data Breach (December 7, 2018)


NTSC Views Marriott Data Breach Announcement as Yet Another Opportunity to Rethink National Data Breach Notification Legislation (December 4, 2018)


It’s the Right Time for National Data Breach Notification Legislation (October 16, 2018)


The Hill: The time is now for Congress to act on a national data breach notification law (September 21, 2017)


Meet the Atlanta Cyber Week Influencers: NTSC Executive Director Patrick Gaul Discusses Why It’s Time for the U.S. to Lower the Excessive Costs of Data Breach Notification (August 28, 2017)


Nation needs to unify data breach standards (March 24, 2017)