
US State Data & Cybersecurity Compliance

 


Navigating US State Data Security & Privacy Laws

A comprehensive guide for Small and Medium Businesses (SMBs) and Insurance Licensees to understand and comply with evolving state-specific cybersecurity, data security, and privacy regulations across the United States.

Explore State-Specific Laws

 

The Complex Landscape of US Data Regulations

In the United States, data security and privacy are governed by a patchwork of federal and state-specific laws. This evolving landscape can be challenging for businesses, especially Small and Medium Businesses (SMBs) and those in regulated sectors like insurance, to navigate. Each state may have its own unique requirements for data breach notification, consumer privacy rights, and mandated security practices.
Understanding these nuances is not just about legal compliance; it’s about building and maintaining customer trust, protecting sensitive information from escalating cyber threats, and ensuring business continuity. Non-compliance can lead to significant fines, reputational damage, and legal liabilities.
This page provides a centralized reference to help you quickly identify the key data security and privacy laws in each US state, with a particular focus on obligations for SMBs and insurance licensees.

US State Data Security, Cybersecurity & Privacy Laws

The table below summarizes key data security, cybersecurity, and privacy laws by US state. Insurance Licensees should pay particular attention to the “DATA SECURITY LAW IN PLACE?” column, which indicates the presence of a state-specific Insurance Data Security Law (often based on the NAIC Model Law). Each state name links to a more detailed TEKRiSQ summary page where available.

| US STATE | REGULATOR | DATA SECURITY LAW IN PLACE? |
| --- | --- | --- |
| Alabama | Alabama Department of Insurance | YES! Insurance Data Security Law (Act 2019-98). This law imposes specific data security requirements on insurance licensees in Alabama. |
| Alaska | Alaska Department of Insurance | YES! Senate Bill 134, enacted in 2024, governs insurance data security in Alaska. It’s largely based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. |
| Arizona | Arizona Department of Insurance | NO. However, please review Arizona’s Data Breach Notification Law (A.R.S. § 18-552). |
| Arkansas | Arkansas Insurance Department | YES! Arkansas Code § 23-61-113: This statute governs the disclosure of nonpublic personal information by insurance licensees. |
| California | California Department of Insurance | YES! California has several cybersecurity & privacy laws, including CCPA, SB-327, CPRA, IIIPAA and older ones. |
| Colorado | Colorado Division of Insurance | YES! Colorado has several cybersecurity & privacy laws worth reviewing. |
| Connecticut | Connecticut Insurance Department | YES! Connecticut has tough cybersecurity, data security and privacy laws worth understanding. Insurance Data Security laws echo NYDFS 500. |
| Delaware | Delaware Department of Insurance | YES! Delaware has an Insurance Data Security Act and a tough 2025 DPDPA law, with strong cybersecurity, data security and privacy laws in place. Have a quick review here. |
| Florida | Division of Insurance Agent & Agency Services | NO. Florida is not very regulated for SMBs in Data Security, Cybersecurity or Privacy. Review the Florida Information Protection Act (FIPA) and the Florida Cybersecurity Act and amendments in 2022 and 2024. These laws establish a framework for managing cybersecurity across Florida’s public sector, emphasizing incident reporting, risk assessments, and vendor accountability. |
| Georgia | Office of Commissioner of Insurance (OCI) | YES! Review our page to understand obligations, including the Georgia Insurance Data Security Law (Rule 120-2-94). |
| Hawaii | Hawaii Consumer Affairs-Insurance | YES! Hawaii has some mature consumer protection laws, including an insurance data security law based on NAIC Model Law. Check it out, bra. |
| Idaho | Idaho Department of Insurance | YES! Idaho has evolving laws covering cybersecurity, and has a 2025 Insurance Data Security Act under consideration. Check out what’s afoot in The Gem State. |
| Illinois | Illinois Department of Insurance | YES! Illinois has a very well evolved cybersecurity legal framework, including an Insurance Data Security Law. Read on to understand it. |
| Indiana | Indiana Department of Insurance | YES! Indiana has a comprehensive set of laws, including an Insurance Data Security Law. |
| Iowa | N/A | Information not yet summarized for this state. |
| Kansas | Kansas Department of Insurance | Kansas has well defined and established cybersecurity laws, as well as Data Privacy Insurance Regulations for Licensees to comply with. |
| Kentucky | N/A | Information not yet summarized for this state. |
| Louisiana | Louisiana Department of Insurance | YES! Louisiana has a few tough cybersecurity, data security and privacy laws worth understanding. |
| Maine | N/A | Information not yet summarized for this state. |
| Maryland | Maryland Insurance Administration (MIA) | YES! State of Maryland Cybersecurity Data Security & Privacy Law is pretty thorough. Make sure you understand your obligations doing business here. |
| Massachusetts | N/A | Information not yet summarized for this state. |
| Michigan | N/A | Information not yet summarized for this state. |
| Minnesota | N/A | Information not yet summarized for this state. |
| Mississippi | N/A | Information not yet summarized for this state. |
| Missouri | N/A | Information not yet summarized for this state. |
| Montana | N/A | Information not yet summarized for this state. |
| Nebraska | N/A | Information not yet summarized for this state. |
| Nevada | N/A | Information not yet summarized for this state. |
| New Hampshire | N/A | Information not yet summarized for this state. |
| New Jersey | N/A | Information not yet summarized for this state. |
| New Mexico | N/A | Information not yet summarized for this state. |
| New York | N/A | Information not yet summarized for this state. |
| North Carolina | N/A | Information not yet summarized for this state. |
| North Dakota | N/A | Information not yet summarized for this state. |
| Ohio | N/A | Information not yet summarized for this state. |
| Oklahoma | N/A | Information not yet summarized for this state. |
| Oregon | N/A | Information not yet summarized for this state. |
| Pennsylvania | N/A | Information not yet summarized for this state. |
| Rhode Island | N/A | Information not yet summarized for this state. |
| South Carolina | N/A | Yes |
| South Dakota | N/A | Information not yet summarized for this state. |
| Tennessee | Tennessee Data Security Laws | Yes! Tennessee Information Protection Act (TIPA) – Effective July 1, 2025 mandates data protection assessments (DPAs) for businesses, mandates insurance data security laws for licensees |
| Texas | N/A | Information not yet summarized for this state. |
| Utah | N/A | Information not yet summarized for this state. |
| Vermont | N/A | Information not yet summarized for this state. |
| Virginia | N/A | Information not yet summarized for this state. |
| Washington | N/A | Information not yet summarized for this state. |
| West Virginia | N/A | Information not yet summarized for this state. |
| Wisconsin | N/A | Information not yet summarized for this state. |
| Wyoming | N/A | Information not yet summarized for this state. |
| District of Columbia | N/A | Information not yet summarized for this state. |
| Puerto Rico | N/A | Information not yet summarized for this state. |
| Guam | N/A | Information not yet summarized for this state. |
| U.S. Virgin Islands | N/A | Information not yet summarized for this state. |
| American Samoa | N/A | Information not yet summarized for this state. |
| Northern Mariana Islands | N/A | Information not yet summarized for this state. |

Why State-Level Compliance Matters for Your Business

Understanding and adhering to state-specific data security and privacy laws is critical for all businesses, especially SMBs and regulated entities.

Avoid Costly Penalties

Non-compliance with state laws can lead to significant fines, legal fees, and costly litigation that can severely impact an SMB’s financial stability.

Affordable SMB Cybersecurity Solutions →

Build & Maintain Customer Trust

Consumers are increasingly aware of their data privacy rights. Demonstrating robust compliance builds trust and enhances your brand’s reputation.

Understanding Digital Trust →

Protect Against Cyber Threats

Compliance often mandates the implementation of strong cybersecurity measures, directly protecting your business from data breaches, ransomware, and other attacks.

Enhance Your Security Posture →

Ensure Business Continuity

Proactive compliance and security measures significantly reduce the likelihood and impact of disruptive security incidents, ensuring your operations continue smoothly.

Secure Your Data →

Competitive Advantage

Being recognized as a secure and compliant business can differentiate you from competitors and attract more clients, especially in sensitive industries.

Learn about Data Governance →

Streamline Operations

Implementing well-defined security and privacy practices leads to more organized, efficient, and defensible data handling processes.

Develop Your IRP →

TEKRiSQ Solutions: Your Partner for State-Level Compliance

TEKRiSQ offers comprehensive cybersecurity, data security, and privacy solutions tailored to help your SMB or licensed entity meet diverse state legal requirements.

Cyber Risk Assessments

Identify vulnerabilities and compliance gaps specific to your operating states.

Explore Assessments →

Data Governance & Privacy

Implement frameworks for data handling, aligning with various state privacy mandates.

Learn about Data Governance →

Incident Response Planning (IRP)

Develop robust plans to meet state-specific data breach notification requirements.

Get Your IRP →

Employee Cybersecurity Training

Educate your team on their role in protecting data and complying with state laws.

Explore Training →

Managed Security Services

Ongoing support to continuously monitor and improve your security posture for sustained compliance.

For Consulting Firms →

Endpoint Protection (EDR)

Advanced threat detection and response for your devices, a key component of robust security.

Discover EDR →

Ready to Ensure Your State-Level Compliance?

Don’t let complex regulations be a barrier. Partner with TEKRiSQ for expert guidance and practical solutions.

Get a Free Consultation

 
