Introduction
The United States does not have a unified data privacy law at the national level as, for example, many countries in Europe do. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are comprehensive and effective, but only protect consumers in a single industry.
So, what if an individuals private data is subjected to a security breach not covered by HIPAA or GLBA? Without an overarching federal mandate in effect, a company that discovered its data had been compromised is not compelled to notify all the affected individuals. Notification, and possible liability to provide identity theft protection, comes only in laws including mandated security breach notifications. To bridge the gap in privacy protection, most states have enacted their own privacy laws.
With the help of the Internet, you can research these gaps and find out what your state does to protect your privacy. For instance, the purpose of the National Conference of State Legislatures (NCSL) is, according to its Web site, to provide access to current state and federal legislation and a comprehensive list of state documents, including state statutes, constitutions, legislative audits, and research reports.
Instruction
In this lab, you will review the data security breach notification laws for your state and you will assess the scope and depth of the privacy protection rights of a citizen in your state.
Currently, 47 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have data and security breach notification laws that define what organizations must do if they have had data or security breached that impact citizen privacy data. The National Conference of State Legislatures (NCSL) Web site tracks and organizes telecommunication and information technology state legislation.
Step by Step Instructions:
Go to NCSL Web site and review data and security breach notification laws for each state https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx.
Find Virginias Notification Laws to get started. Open the attached document for steps by steps instruction.
Click the Back button on your browser (or, if the Va. Code link opened a new window, close that window).
After you have returned to the list of states, scroll to find your state.
Review the Breach of personal information notification law.
Click and download the security breach notification laws for your state. If you cannot download your states security breach laws, return to the state of Virginia and use that information to complete this lab.
Deliverables:
Review and analyze your states security breach laws and include the following in your Lab Report File:
Relate state government data security breach notification laws to individual privacy. Explain why state governments have data security breach notification laws.
Find a specific states data and security breach notification law.
Download a copy of a specific states data and security breach notification law.
Assess the scope and depth of the privacy protection rights of a citizen of any particular state.