In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals. This report examines what those 4,080 breaches tell us about the state of data security, and where the gaps in breach reporting leave consumers in the dark.

This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.

The survey reflects statutes enacted as of January 1, 2026.

Privacy Rights Clearinghouse, alongside a coalition of civil rights, consumer, and privacy organizations, strongly opposes the Congressional Review Act (CRA) resolution S.J. Res 28, which would roll back vital consumer protections for digital payment apps. This resolution threatens to remove essential oversight that helps ensure the safety and security of millions of users who rely on these apps daily. We urge Senators to reject this resolution and protect consumers from increased vulnerability to fraud, misuse of sensitive personal data, and unjust account freezes or deactivations.