Louisiana Security Breach Notification Law

SB205 Act 499, known as the "Database Security Breach Notification Law," was signed by Governor Blanco on July 12, 2005 and became effective on January 1, 2006. This legislation requires notification to any Louisiana resident whose unencrypted "personal information" was, or is reasonably believed to have been, acquired by an unauthorized person as a result of a "security breach." In addition, the notification must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs to law enforcement or any measures necessary to determine the scope of the breach, prevent further disclosures, and restore the reasonable integrity of the data system.

What is Personal Information? Personal information means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when the name or the data element is not encrypted or redacted:

1. Social security number (SSN).
2. Driver's license number.
3. Account number, credit or debit card number, in combination with any required  security code, access code, or password that would permit access to an individual's financial account.

Personal information shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

What is a security breach? A security breach is a compromise of the security, confidentiality, or integrity of computerized data that results in, or there is reasonable basis to conclude has resulted in, the unauthorized acquisition of and access to personal information. Good faith acquisition of personal information by an individual is not a breach of the security of the system, provided that the personal information is not used for, or subject to, unauthorized disclosure.