Reports

From revealing weak student privacy protections to providing in-depth information about data breaches impacting consumers—we look for gaps in privacy protections and dive deep to surface them. 

bllue background with magnifying glass and a locked laptop icon with a black woman wearing gray glasses and a black and white striped shirt on top with white words on top of a navy blue background that says do you know where your information goes online?
Search the Archives
Header Image - "2025 Data Breach Report" an annual analysis powered by the Data Breach Chronology,examining a year of breach notifications to understand the trends, gaps, and patterns in how breaches happen and how they're disclosed.
Reports

2025 Data Breach Report

In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals. This report examines what those 4,080 breaches tell us about the state of data security, and where the gaps in breach reporting leave consumers in the dark.
When a breach happens, what does your state actually require? 50 questions applied to 51 jurisdictions reveal how notification laws vary on timing, covered data, and consumer remedies.
Reports

Data Breach Notification Laws: A 50-State Survey (2026 Edition)

This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.

The survey reflects statutes enacted as of January 1, 2026.
Data broker registrations by state versus total identified brokers (750). The gap between registered brokers and the reference line represents brokers that may be required to register but have not yet done so, highlighting significant compliance gaps across all state registries.
Reports

Why Are Hundreds of Data Brokers not Registering with States? 

Hundreds of data brokers have not registered with state consumer protection agencies. These findings come as more states are passing data broker transparency laws that require brokers to provide information about their business and, in some cases, give consumers an easy way to opt out.