Can I avoid having a data breach response plan in Louisiana? What are the requirements?

Data Breach Response Plan Requirements in Louisiana

Louisiana law requires that entities that experience a data breach must have a response plan in place ^[1.1]. The Database Security Breach Notification Law, R.S. 51:3071 et seq., mandates that any person conducting business in the state or owning or licensing computerized data that includes personal information must implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[3.1].

Penalties for Non-Compliance

Failure to provide timely notice of a breach may result in a fine of up to $5,000 per violation ^[1.1]. An owner or operator who fails to comply with the requirements of allowing access to facilities for emergency response shall be subject to a civil fine of five thousand dollars ^[5.3].

Conclusion

Therefore, it is not possible to avoid having a data breach response plan in Louisiana. The response plan should include written notice detailing the breach of the security system to the Consumer Protection Section of the Attorney General’s Office, including the names of all Louisiana citizens affected by the breach ^[1.1].

Source(s):

• [1.1] Reporting Requirements
• [3.1] Protection of personal information; disclosure upon breach in the security of personal information; notification requirements; exemption
• [5.3] Access to facilities for emergency response

Jurisdiction

Louisiana

• Privacy