Or as Navin R. Johnson might say ....... *
Our updated Mintz Levin State Data Breach Notification Matrix (fondly known as the "Mintz Matrix") is available here. We update this resource quarterly, or as events dictate. Legislatures have been quiet on the data breach notification front since the end of 2012. Since our last update, North Dakota, Texas and Vermont have amended their data breach notification laws.
In a nutshell -- Effective now, Vermont now requires that Vermont-regulated financial institutions notify the state's Department of Financial Regulation in the event of a breach. Such notice is in addition to any notice required by applicable federal regulations.
North Dakota -- Effective August 1, the definition of "personal information" has been expanded to add both "health insurance information" and "medical information."
Texas-- Effective now, Texas amended its breach notification law to (a) remove language limiting the application of the data breach notification requirement to Texas residents and residents of states that do not require notification, (b) permit for residents of states other than Texas that require notification of a breach, notice to be provided to such individuals under the states' law or under Texas law, and (c) clarify that written notice of a security breach must be provided to the last known address of the individual.
Now, for today’s disclaimer: This chart is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.
*(Sound clip from The Jerk starring Steve Martin, 1979)