Data and security breaches have become so common they're almost considered the cost of doing business these days. Even the most careful businesses may not be able to prevent a breach that compromises customers' private information. And as embarrassing as a data breach may be, it can be particularly harmful to customers if their information falls into the wrong hands.
Unless you're doing business solely in Alabama, New Mexico, or South Dakota, you're legally required to notify customers about a security breach, and you may need to take steps to mitigate or remediate injuries caused by the breach. But state laws can differ on the definition of applicable breaches, the level of harm that necessitates notice, and the notice required, among other things. Here's a look.