Written by Dianne Bourque
In the event of a data breach, covered entities must consider state law notification requirements, as well as those imposed by HIPAA. Toward that end, Mintz Levin has developed a survey of state data breach notification laws, which is a useful tool for understanding the types of protections states require, breach notification triggers, timing, and other specifics. The Mintz Levin Data Breach Matrix is accessible here. As observed by Cynthia Larose in a recent Privacy & Security Matters post, all the usual disclaimers apply: the matrix is not a substitute for legal advice from practitioners with experience responding to data breaches.