| Privacy Rights Clearinghouse

The Data Breach Chronology Now Tracks Vendors, Subtypes, and Almost 100,000 Breach Notifications

Privacy Rights Clearinghouse has tracked data breach notifications since 2005, and the Data Breach Chronology has become one of the primary datasets researchers use to study patterns in data privacy. We’re excited to release a major update today that adds 30 new fields, six new state data sources, and capabilities we’ve wanted to build for a long time.

Read more about The Data Breach Chronology Now Tracks Vendors, Subtypes, and Almost 100,000 Breach Notifications

Connecticut Data Privacy Act

The Connecticut Data Privacy Act (CTDPA) is Connecticut's comprehensive consumer privacy law, giving residents rights over how businesses collect, use, and sell their personal data.

Read more about Connecticut Data Privacy Act

Iowa Consumer Data Protection Act

The Iowa Consumer Data Protection Act (ICDPA) is a state law that provides residents of Iowa rights when interacting with businesses that collect, use, and sell their personal data.

Read more about Iowa Consumer Data Protection Act

Virginia Consumer Data Protection Act

The Virginia Consumer Data Protection Act (“VCDPA”) is a state law that provides residents of the Commonwealth of Virginia privacy rights when dealing with businesses that collect, use, and sell their personal information.

Read more about Virginia Consumer Data Protection Act

Data Breach Notification Laws

Read more about Data Breach Notification Laws

2025 Data Breach Report

In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals.

The year's statistics were dominated by Change Healthcare, whose final notification arrived in October, twenty months after the February 2024 ransomware attack, confirming 192.7 million people were affected. It's the largest healthcare data breach ever recorded, more than double the Anthem breach that held that record for a decade.

Read more about 2025 Data Breach Report

Data Breach Notification Laws: A 50-State Survey (2026 Edition)

This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.

This survey reflects statutes enacted as of January 1, 2026.

Explore the Data

Read more about Data Breach Notification Laws: A 50-State Survey (2026 Edition)

Stronger Privacy for Californians: Four Bills Signed into Law

Governor Newsom has signed SB 361, AB 566, AB 656, and SB 446 into law, advancing browser controls, data broker transparency, social media account deletion, and breach notification—continuing California's role as a national leader in consumer data privacy.

AB 566: Requiring Browsers to Make it Easier for Californians to Exercise Privacy Rights