Currently, 47 states have laws in place that require notification to affected individuals in the event of a cybersecurity breach involving personally identifiable information. In general, the laws define personally identifiable information and delineate who must comply as well as when and how they must do so. Fortunately, the National Conference of State Legislatures has a handy resource guide that lists (and provides links to) each of these laws for quick reference. See the guide.