| Privacy Rights Clearinghouse

Header Image - "2025 Data Breach Report" an annual analysis powered by the Data Breach Chronology,examining a year of breach notifications to understand the trends, gaps, and patterns in how breaches happen and how they're disclosed.

In 2025, the Data Breach Chronology captured 8,019 data breach notification filings from state and federal agencies that publish breach reports. These represented 4,080 unique breach events impacting at least 375 million individuals. This report examines what those 4,080 breaches tell us about the state of data security, and where the gaps in breach reporting leave consumers in the dark.

When a breach happens, what does your state actually require? 50 questions applied to 51 jurisdictions reveal how notification laws vary on timing, covered data, and consumer remedies.

Data Breach Notification Laws: A 50-State Survey (2026 Edition)

This survey analyzes and compares data breach notification laws across all 50 U.S. states and the District of Columbia. Using a standardized framework of 50 questions, we examined each jurisdiction's requirements for breach notification timing, covered data types, notification recipients, enforcement mechanisms, and consumer remedies.

The survey reflects statutes enacted as of January 1, 2026.

light blue background of a book shelf with a picket sign on the right that says amplify your voice and a hand holding a bullhorn at the bottom right and another hand holding a magnifying glass on the bottom left with the work law in the glass

Stronger Privacy for Californians: Four Bills Signed into Law

Governor Newsom signs SB 361, AB 566, AB 656, and SB 446, advancing browser controls, data broker transparency, social media account deletion, and breach notification

Data broker registrations by state versus total identified brokers (750). The gap between registered brokers and the reference line represents brokers that may be required to register but have not yet done so, highlighting significant compliance gaps across all state registries.

Why Are Hundreds of Data Brokers not Registering with States?

Hundreds of data brokers have not registered with state consumer protection agencies. These findings come as more states are passing data broker transparency laws that require brokers to provide information about their business and, in some cases, give consumers an easy way to opt out.

Privacy Rights Clearinghouse and Consumer Reports Support Senate Bill 361 to improve data broker reporting

We're proud to stand with Consumer Reports in supporting Senator Becker's SB 361 to improve the registration and transparency requirements of the California Delete Act.

Privacy Rights Clearinghouse and Coalition support AB 566 to make it easier to exercise your privacy rights

Exercising your privacy rights can unfortunately be an unnecessarily arduous task. That's why we're proud to stand with a coalition of civil society, consumer protection and privacy advocates supporting Assembly Bill 566, a bill that would require browsers and mobile operating systems to include a setting that enables a consumer to send an opt-out preference signal.

Light peach colored background with report cover on top that says paying twice to learn against a chalkboard inside a classroom

Events

Massachusetts

Education

Privacy Rights Clearinghouse Presents Ed Tech Report at Northeast OER Summit

On March 3, Meghan Land will present PRC's report Paying Twice to Learn with Ariel Fox Johnson, Principal, Digital Smarts Law & Policy, at the Northeast OER Summit. They will discuss the report's findings and ways in which OER and privacy advocates might work together to improve student experiences with digital courseware.