Loading...
Browse our full library of legal guides, state law breakdowns, and practical legal information.
2021 articles
Browse by Category →
Minnesota requires breach notification without unreasonable delay when names plus SSNs, driver's licenses, or financial accounts are exposed. No AG notice required.
Nebraska requires data breach notification without unreasonable delay under Neb. Rev. Stat. 87-801. Learn about broad PI coverage including biometrics, AG notification, and the cybersecurity safe harbor.
Texas CUBI law requires consent before capturing fingerprints, face scans, or voiceprints. Penalties up to $25,000 per violation. The AG has secured over $2.7 billion in settlements.
California protects biometric data as sensitive personal information under the CCPA/CPRA. Learn about consumer rights, breach rules, employer duties, and CPPA enforcement.
Arkansas protects biometric data under its breach notification law, not a dedicated statute. Learn what the Personal Information Protection Act requires in 2026.
Nevada requires data breach notification without unreasonable delay under NRS 603A. Learn about protected data types, PCI DSS mandate, no AG notification requirement, and the encryption safe harbor.
Illinois BIPA (740 ILCS 14) requires written consent before collecting fingerprints, face scans, or other biometrics. Violations carry $1,000-$5,000 in damages per violation.
Georgia's data breach notification law requires notice without unreasonable delay but sets no deadline, no AG reporting, and no penalties. Full breakdown of Ga. Code 10-1-912.
Guide to New York biometric privacy laws including the SHIELD Act, NYC Local Law 3, pending Biometric Privacy Act (S1422), and employer obligations for 2026.
South Dakota has no dedicated biometric privacy law. Learn how the breach notification statute SDCL 22-40-19 protects biometric data and what gaps remain.
Texas requires breach notification within 60 days to individuals and 30 days to the AG. Penalties reach $50,000 per violation under the DTPA.
South Carolina requires data breach notification without unreasonable delay under S.C. Code 39-1-90. Learn about the private right of action, $1,000 per-resident fines, and CRA reporting at 1,000+.