Data Privacy Regulations

Terms of Use

This summary of regulations is provided for information purposes only.
No action based on this summary alone should be undertaken.
Each individual or entity must obtain appropriate guidance for its specific circumstances.

LOUISIANA DATA PRIVACY REGULATIONS

Did You Know?

 

It's statutes may include:

  • Limited methods of notification delivery
  • Data owners are responsible for the reporting and notifications
  • Civil action can be taken to recover damages resulting failure to disclosure a breach in a timely manner
  • Other state laws, federal laws, industry regulations, and/or out-of-country laws may apply

Who Me?

 

Louisiana breach and notification laws may apply if you are:

  • Any person that conducts business in Louisiana or a person or agency that owns or licenses computerized data that includes PII
  • Any agency or person that maintains computerized data that includes personal information that you do not own

There are usually exemptions.

What is PII?

 

PII relevant to a breach in LA includes an individual’s name with one or more of the following:

  • Social security number
  • Driver license number
  • Account or credit/debit card numbers; with any required security code etc. permitting access to an individual's account

LAWS

APPLICABLE LAWS

The statutes include, but are not limited to:  

Title 51:  Trade Commerce

  Chapter 51:  Database Security Breach

    Notification Law Sections 3071 to 3077

RELATED LAWS

The statutes include, but are not limited to:  

Title 9:  Civil Code-Ancillaries

  §3518.3.  Credit cards; printing of accounting numbers on sales receipts; liability

PENALTIES

COMPLIANCE PENALTIES

Penalties for violation: Civil action may be instituted to recover actual damages resulting from the failure to disclose in a timely manner to a person that there has been a breach of the security system resulting in the disclosure of a person's personal information.

BREACH REPORTING

MULTIPLE FACTORS TO CONSIDER

When considering reporting requirements, it would include, but not limited to:

  • The combination of personal information breached
  • If the data was computerized
  • If the data was encrypted or redacted
  • If the encryption key or other security code was acquired
  • If it was acquired by an unauthorized person
  • Whether there is a reasonable likelihood of harm to customers

TIME LIMITS

Notification may be delayed if law enforcement advises the person it will interfere with an investigation, otherwise, the notification must be made in the most expedient manner possible and without unreasonable delay.

CONSUMER NOTIFICATION

Requires detailed information and potential provision of services

Disclosure may only be made by written notice, telephone or electronically, with stipulations.
A substitute notice, with specific requirements, may be sent if the cost of the notice exceeds $250,000 or the persons to be notified exceeds 500,000 or they do not have sufficient contact information.

Contact the Privacy Experts at CSR