Five Things to Watch for in a National Breach Notification Law

by Guest Contributor 3 min read June 17, 2011

High-profile data breaches are back in the headlines as businesses—including many in the communications sector—fall prey to a growing number of cyberattacks. So far this year, 251 public notifications of data breaches have been reported according to the Privacy Rights Clearinghouse.

The latest attack comes on the heels of the Obama administration’s recent proposal to replace conflicting state laws with a uniform standard. The idea is not a new one—national breach notification legislation has been in discussion on Capitol Hill since 2007. With the addition of the White House proposal, three data breach notification bills are now under consideration. But rather than waiting for passage of a new law, communications companies and businesses in general should be aware of the issues and take steps to prepare.

Replacing 48 laws with one
Currently, notification standards differ on a state-by-state basis: 46 states, plus the District of Columbia and Puerto Rico each enforce their own standards.

The many varying laws make compliance confusing and expensive. While getting to a single standard sounds like a good idea, finding a single solution becomes difficult when there are 48 different laws to reconcile. The challenge is to craft a uniform national law that preempts state laws, while providing adequate consumer protection.

Five things to look for in a National Breach Notification Law
Passing a single law will be an uphill battle. In the meantime, these are some of the issues that will need to be resolved before a national breach standard can be enacted:

  • What types of personal information should be protected?
  • First and last name + other info (e.g. bank account number)
  • What should be classified as “personal” information?
  • Email addresses and user names
  • Health and medical information (California now includes this)
  • What qualifies as a breach and what are the triggers for notification?
  • What information should be included in a breach notice?
  • How soon after a breach should notification be sent?
    • Some states require notices be sent within a set number of days, others ASAP.

Potential penalties
What could happen if a company doesn’t comply with the proposed laws? Under the White House bill, fines would be limited to $1,000/day, with a $1 million cap. The two bills in House would impose penalties of $11,000/day, maxing out at $5 million.

How to prepare before a national standard is passed
Although the timing for passage is uncertain, communications companies need not wait for a national law to pass before taking action. Put a plan in place instead of sorting through 48 different laws.

Preparation can be as simple as making a phone call to your Experian rep about our data breach protection services. Having managed over 2,300 data breach events, Experian can help you effectively mitigate loss.

In addition to following updates on this page, you can also stay informed about the progress of pending data breach legislation by following the Data Breach Blog.

Share your thoughts and concerns on the current proposals by leaving a comment.

For further reading on this subject:

Related Posts

Electric Vehicle Registrations Are Growing Beyond Traditional Locations

For years, most electric vehicle (EV) adoption has been concentrated in California, New York, and other traditional early-adopter markets. And while those markets still lead the nation in total registrations, as of last year, some of the fastest-growing EV markets are in regions that haven’t played a significant role in the past. According to Experian Automotive’s 2025 EV Year in Review Report, EV adoptions seem to be entering a new phase that is spreading well beyond coastal strongholds. In fact, the top designated market areas (DMAs) that saw the fastest year-over-year growth for new retail individual EV registrations in the last five years were Detroit, MI (34.5%), Naples, FL (32.6%), Atlanta, GA (20.6%), Buffalo, NY (18.7%), and Charlotte, NC (17.3%). However, despite the growing demand in these market areas over the last few years, Los Angeles, CA still holds a strong lead in new retail individual EV registrations, with over 164,000 new adopters in 2025. Rounding out the top five were San Francisco, CA (85,000+), New York, NY (78,000+), Miami, FL (45,000+), and Seattle, WA (35,000+). EV adoption expanding well beyond the early-adopter markets could be a result of charging infrastructure growth, vehicle availability improvement, and consumer interest reaching new levels across the country. What does this mean for dealers? The extension of EV adoption into emerging markets signals that these vehicles are becoming a mainstream consideration for more consumers. As dealers look for ways to grow their presence in this segment, adopting marketing strategies, service operations, and inventory planning will be beneficial to meet changing buyer expectations and capitalize on the growing demand. The biggest takeaway isn’t necessarily which markets are selling the most EVs, it’s seemingly where adoption is gaining momentum. As new regions start to embrace these vehicles, it’ll be important to monitor the next phase of growth and where future opportunities may emerge. To learn more about EV insights, visit Experian Automotive’s EV Resource Center.

Published: July 7, 2026 by Kirsten Von Busch
PREMIER Bankcard Expands Financial Access

Learn how PREMIER Bankcard and Experian are helping expand financial access through data, technology and personalized decisioning.

Published: July 6, 2026 by Scarlet.Nickel@experian.com
Simplifying Verification: Inside Experian Verify Hub with Sophia Cheung 

Explore how Experian Verify Hub is simplifying income and employment verification as Sophia Cheung shares insights on reducing complexity, improving data access, and helping organizations make faster, more confident decisions.

Published: July 3, 2026 by Ted Wentzel