National Data Breach Notification Standard

National Data Breach Notification Standard

Each state government has its own laws regarding consumer protection and data breach notification. When a breach of customer data occurs, CISOs must individually report the breach to each of the governments of the 50 states, the Virgin Islands, Guam, Puerto Rico, and the District of Columbia. This is an unwieldy and uneven system that slows down the response to data breaches and therefore increases the risk to consumers whose data is exposed.

The NTSC believes the best solution to this patchwork approach is a national data breach notification standard that preempts state regulations, provides a single place for companies to file reports, and protect all consumers equally. A uniform national standard will ease the excessive burden of the current patchwork system that plagues CISOs and their team as they respond to incidents and allow them to allocate their resources more fully to finding and closing the breach and notifying consumers as soon as possible.


ITSP Magazine NTSC Podcast Series: Episode 4 (National Data Breach Notification Legislation) (July 20, 2020)


TAG Partners with NTSC and CSCG to Discuss Data Security & Breach Notification Act of 2020 (April 24, 2020)


The New York SHIELD Act: A Comprehensive Overview (August 20, 2019)


Executive Director Patrick Gaul Talks About Capital One and Data Breach Notification Legislation on 11Alive (August 13, 2019)


Some Thoughts Regarding the Marriott Data Breach (December 7, 2018)


NTSC Views Marriott Data Breach Announcement as Yet Another Opportunity to Rethink National Data Breach Notification Legislation (December 4, 2018)


It’s the Right Time for National Data Breach Notification Legislation (October 16, 2018)


The Hill: The time is now for Congress to act on a national data breach notification law (September 21, 2017)


Meet the Atlanta Cyber Week Influencers: NTSC Executive Director Patrick Gaul Discusses Why It’s Time for the U.S. to Lower the Excessive Costs of Data Breach Notification (August 28, 2017)


Nation needs to unify data breach standards (March 24, 2017)