Imation Map of State Data Breach Notification Laws Spotlights Need for Storing and Protecting Sensitive Information

Compliance Heat Map Illustrates Similarities and Differences in State Laws, with Virginia’s Being Most Strict; Laws Hint at Myr...

Compliance Heat Map Illustrates Similarities and Differences in State Laws, with Virginia’s Being Most Strict; Laws Hint at Myriad of Data Compliance Challenges Facing Businesses of All Sizes

OAKDALE, Minn.--(BUSINESS WIRE)--Aug. 28, 2012-- Imation Corp. (NYSE: IMN), a global scalable storage and data security company, today released results of research into state data breach notification laws and associated penalties. The analysis shows that current state data breach notification laws are strikingly similar but vary in compliance requirements for businesses, with all laws highlighting the need for companies to deploy methods for closely storing, protecting and controlling sensitive information. Imation used publicly available sites (including information obtained via the National Conference of State Legislatures) to analyze state compliance laws in the 46 U.S. states that have such laws, as well as in Puerto Rico, the District of Columbia and the U.S. Virgin Islands.

Imation created a “Compliance Heat Map” to depict the strictness of data breach laws and resulting penalties for breaches. The Compliance Heat Map provides a visual snapshot of the strictness of regulations by state, using a color scale ranging from light yellow (less strict) to dark red (more strict). To view the compliance heat map, click here:

“What the compliance heat map tells us is that data security needs to be at top of mind for all IT pros, as there are rules in place for nearly all states and territories and non-compliance could mean serious penalties,” said David Duncan, software & security solutions marketing director, Imation. “Yet, companies also are challenged by explosive data growth and state and federal requirements that mandate active archiving, long-term retention and accessibility of that data. Businesses need resources to help navigate laws and develop secure and scalable infrastructures for data storage and protection.”

IT pros today are responsible for managing data, which includes ensuring security, business continuity and regulatory compliance. For small- to mid-sized businesses, the challenge is often to meet compliance requirements with limited resources, which leads to higher risk. In fact, the 2011 Verizon Data Breach report found that businesses with between 11 and 100 employees reported more than six times as many data breaches than businesses with between 101 and 1,000 employees, according to the online website BusinessNewsDaily. Further, the loss or theft of an unencrypted notebook, flash drive or removable hard disk drive can expose gigabytes, or even terabytes, of private information. IT professionals should implement strategies to protect their data through network security, data encryption and enforcement of information security policies, while staying well-informed of state compliance laws in the not-unlikely event that a data breach does occur.

Compliance Heat Map Findings

Imation’s research found most state data breach notification laws to offer similar definitions of personally identifiable information and requirements regarding the notification of affected parties. Among the research’s noteworthy findings:

  • Four states have yet to enact a data breach notification law: Alabama, Kentucky, New Mexico and South Dakota.
  • According to Imation’s analysis, Virginia has the most strict law in the nation. The law provides specific requirements on what is to be included in a breach notification, requires government and credit reporting agency notification, and includes a large financial penalty relative to other states.
  • A few states, including Virginia, require notification even if breached data is encrypted—if the encrypted data was stolen along with the encryption keys.

Compliance Heat Map Methodology

To conduct the research, Imation applied to the laws a series of questions, organized to evaluate the laws’ requirements regarding encryption, data that is within scope of the laws, notification of data loss and destruction of data, as well as penalties for non-compliance with the laws. Imation also considered other germane laws, such as those dictating data destruction or allowing for consumer freezing of credit report requests. Imation used publicly available information about the laws, including the legislation itself.

Imation does not intend for this research to constitute a legal review of the laws, and in no way are the results of this research intended to be legal advice. Companies should consult with their legal counsel before making any decisions regarding legal compliance.

For more information, please visit

About Imation

Imation is a global scalable storage and data security company. Our portfolio includes tiered storage and security offerings for business, and products designed to manage audio and video information in the home. Imation reaches customers in more than 100 countries through a powerful global distribution network and well recognized brands. For more information please visit

Imation and the Imation logo are trademarks of Imation Corp and its subsidiaries.

Photos/Multimedia Gallery Available:

Source: Imation Corp.

Imation Corp.
Natalie Danaher, 651-704-3288
Schwartz MSL for Imation
Mercedes Carrasco, 781-684-0770