The Utah Consumer Privacy Act (UCPA) is a state law that provides residents of Utah rights when interacting with businesses that collect, use, and sell their personal data.
In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals. This report examines what those 4,080 breaches tell us about the state of data security, and where the gaps in breach reporting leave consumers in the dark.
This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.
The survey reflects statutes enacted as of January 1, 2026.
The survey reflects statutes enacted as of January 1, 2026.