On July 1, 2009, new laws will take effect in Alaska and South Carolina that will require entities that have experienced data security breaches involving personal information to notify affected individuals of the breaches. With these additions, a total of 44 states, plus the District of Columbia, Puerto Rico and the U.S. Virgin Islands, will have active breach notification laws in place. There are no breach notification laws in Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota.
Both Alaska Stat. § 45.48.010 et seq. and South Carolina. Code Ann. § 39-1-90 will apply to breaches of unencrypted personal information in both paper and electronic records.
Read more on Privacy and Information Security Law Blog.