Chapter 7: State Data Breach Notification, Data Security, and Data Destruction Laws

Notification: Method and Substitute Notice

The default method is written notice by postal mail. Email or phone are usually allowed only if the person previously and explicitly chose that channel. For very large breaches, substitute notice (website posting, statewide media) is permitted to avoid undue burden.

Laws generally require written notification by postal mail. Email or telephone are acceptable alternatives usually only if the affected party previously and explicitly chose that as their preferred channel.

For breaches affecting thousands or millions, individual notice could be an undue financial burden, so laws permit substitute notice - conspicuous website posting and notification to major statewide media (newspapers, radio, television).

Key terms - quick answers

What is “Substitute notice”?

An alternative method - such as conspicuous website posting or statewide media - permitted for large breaches where individual notice would impose an undue financial burden.

← Notification: Free Credit Monitoring Notification: Attorney General and State Agency Notice →