Follow ACC Docket Online:  

This Week in Privacy: How to Tell if You’re a Victim of a Data Breach

"This Week in Privacy” is a new column for in-house counsel who need advice in the privacy and cybersecurity sectors. K Royal is a director at TrustArc. To have your legal privacy questions answered, email with “This Week in Privacy" in the subject line.

Q: I did not receive a notice of breach from a recent large data breach in the United States. This means I am not a potential victim, right?

A: Wrong. In the United States, there are various options in most of the state breach notification laws and the federal privacy laws. Typically, when notifying a large number of people, the company can notify customers or clients by using various media channels (e.g., press releases, newspapers), posting a notice on its website, or emailing the individual if they have an email on record with the company. So if it is a breach of millions of victims, notification may be both cost prohibitive and impossible if email addresses are not available — and if you heard about it, you got notice.

Here are some resources on state data breach notification laws:

State Data Security Breach Notification Laws
State Data Breach Notification Laws
Security Breach Notification Laws

About the Author

K Royal is a technology columnist for, and director at TrustArc. @heartofprivacykroyal

The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.