Data breach notification laws are state statutes that delineate certain reporting requirements in the aftermath of a data breach, pertaining to (1) applicability of the organization, (2) notification requirements with regard to parties who must be notified that the breach occurred, (3) notification timing requirements, and (4) specific penalties that may be incurred for failure to comply.
The overwhelming majority of states have their own, slightly varying data breach notification laws.