Security Frameworks

Data Liability (legal, regulatory, compliance)

The intersection of security risk and laws that set standards of care is where data liability is defined. A handful of databases are emerging to help risk managers research laws that define liability at the country, province/state, and local levels. In these control sets, compliance with relevant laws is the actual risk mitigator.

  • Perkins Coie Security Breach Notification Chart: A set of articles (one per state) that define data breach notification requirements among US states. 
  • NCSL Security Breach Notification Laws: A list of US state statutes that define data breach notification requirements.
  • ts jurisdiction: A commercial cybersecurity research platform with coverage of 380+ US State & Federal laws that impact cybersecurity before and after a breach. ts jurisdiction also maps to the NIST Cybersecurity Framework.