US State Data & Cybersecurity Compliance

The following is a list of US states and relevant information about any US State Data Security Compliance Law in place. Each page links to a state-specific summary of the data security and compliance obligations of businesses operated and/or licenses in that state.

US STATE	REGULATOR	DATA SECURITY LAW IN PLACE?
Alabama	Alabama Department of Insurance	YES! Insurance Data Security Law (Act 2019-98) This law imposes specific data security requirements on insurance licensees in Alabama.
Alaska	Alaska Department of Insurance	YES! Senate Bill 134, enacted in 2024, governs insurance data security in Alaska. It’s largely based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law.
Arizona	Arizona Department of Insurance	NO. Arizona’s Data Breach Notification Law (A.R.S. § 18-552)
Arkansas	Arkansas Insurance Department	YES! Arkansas Code § 23-61-113: This statute governs the disclosure of nonpublic personal information by insurance licensees.
California	California Department of Insurance	YES! California has several cybersecurity & privacy laws, including CCPA, SB-327 , and CPPA, IIPPA and older ones
Colorado	Colorado Division of Insurance	YES! Colorado has several cybersecurity & privacy laws worth reviewing.
Connecticut	Connecticut Insurance Department	YES! Connecticut has tough cybersecurity, data security and privacy laws worth understanding.
Delaware
Florida
Georgia
Hawaii
Idaho
Illinois
Indiana
Iowa
Kansas
Kentucky
Louisiana	Louisiana Department of Insurance	YES! Louisiana has a few tough cybersecurity, data security and privacy laws worth understanding.
Maine
Maryland
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina		Yes
South Dakota
Tennessee		Yes
Texas
Utah
Vermont
Virginia
Washington
West Virginia
Wisconsin
Wyoming

US State Data & Cybersecurity Compliance

US STATE

REGULATOR

DATA SECURITY LAW IN PLACE?

YES! Insurance Data Security Law (Act 2019-98) This law imposes specific data security requirements on insurance licensees in Alabama.

YES! Senate Bill 134, enacted in 2024, governs insurance data security in Alaska. It’s largely based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law.

NO.

Arizona’s Data Breach Notification Law (A.R.S. § 18-552)

YES! Arkansas Code § 23-61-113: This statute governs the disclosure of nonpublic personal information by insurance licensees.

YES! California has several cybersecurity & privacy laws, including CCPA, SB-327 , and CPPA, IIPPA and older ones

YES! Colorado has several cybersecurity & privacy laws worth reviewing.

YES! Connecticut has tough cybersecurity, data security and privacy laws worth understanding.

YES! Louisiana has a few tough cybersecurity, data security and privacy laws worth understanding.

Minnesota

Mississippi

Missouri

Montana

Nebraska

New Hampshire

New Jersey

New Mexico

North Dakota

Ohio

Oklahoma

Oregon

Pennsylvania

Rhode Island

Yes

Yes

Texas

Utah

Vermont

Virginia

Washington

West Virginia

Wisconsin

Wyoming