How Can We Help?
Notification of Affected Parties
Affected residents must be notified as soon as possible when a Louisiana business’s data breach compromises their personal information. Notification must be made via mail or electronic means, except when the security breach affects more than 500,000 people, or the cost of notification exceeds $250,000. In these cases, public service announcements can be used. Learn more about LA’s data breach laws below.
| Name of Law / Statute | Database Security Breach Notification Law |
| Definition of Protected Information | Combination of (1) name or other identifying info, PLUS (2) one or more of these “data” elements: SSN; driver’s license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes. |
| Who Is Subject to Law? | Any person or agency conducting business in the state or who owns or licenses computer data containing PI |
| Notification of Consumers? | Yes, unless determination of no harm by business |
| By what means? | Written or electronic |
| Substitute Notice Threshold? | If cost of notice >$250,000 or involves >500k residents |
| Notification of authorities / regulators required? | Yes, within 10 days of notice to consumers (per LA Admin. Code title 16 § 701) |
| By what means? | Copy of the notice to consumers |
| Regulatory Fines | Up to $5000/violation if no notice to AG within 10 days |
| Credit monitoring requirement? | No |
| Private lawsuits allowed? | Yes |
| Private damages cap? | Actual economic damages |
| Regulatory actions allowed? | N/A |
| HIPAA Compliance exemption? | N/A |
| Other (e.g., timeframe) | Law does not apply if PI was encrypted or redacted |
| Link to complete law | Louisiana’s Data Breach Law |
Read the full text of Louisiana’s data breach law.
