Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 60 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
- constitutes unfair act or practice

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Notification may only be given by specific methods.
  • Notifications must contain required information.
  • If notification is not required, the person or business must retain a copy of the written determination and supporting documentation for 5 years from the date of discovery of the breach of the security system.
  • If notification determination is requested in writing, the person or business must send a copy of the written determination and supporting documentation to the attorney general no later than 30 days from the date of receipt of the request.
  • Civil action may be instituted to recover actual damages resulting from the failure to disclose in a timely manner to a person that there has been a breach of the security system.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents of other states, you will need to notify those residents using those states’ rules.
Statutes and Laws
  • LA RS § 51:3071 Database Security Breach Notification Law

    LA RS § 51:3074 Protection of personal information; disclosure upon breach in the security of personal information; notification requirements; exemption

    LA RS § 51:3075 Recovery of damages

    LA Admin. Code § 701 Part III Consumer Protection, Database Security Beach Notification – Reporting Requirements

BAck to map