The trend among U.S. states for continually tweaking their data breach notification laws has not changed. In 2016, five states had modifications to their breach notification laws that went into effect (California, Nebraska, Oregon, Rhode Island, and Tennessee). The change to the California law marks the sixth time the statute has been modified since being passed. Also looming on the horizon is the breach notification requirements in Europe (under GDPR) that will go into effect in May 2018.

TIP: Companies should keep their breach notice plans updated to reflect these legislative changes, and be prepared to make further updates in 2017.