Data security laws

As of January 2007, 35 states have enacted data security laws requiring businesses that have experienced an intrusion involving possible identity theft to notify persons affected, and to improve security for protection of sensitive data. However, existing federal and state laws that impose obligations on information owners, may require harmonization to provide protections that are more uniform.