Lewis & Clark Law Review
First Page
1221
Abstract
Data breach laws in the United States have evolved in waves during the last couple of decades. There are a few federal laws that address aspects of data security and the aftermath of data breaches, but these laws tend to be narrow or sector-specific. This Article instead focuses on state legislative responses. As of 2018, all 50 states have a data breach law that at least addresses notifications. In this Article, the author presents the results of an empirical examination of the language used in these statutes. Examining the statutes side by side highlights the subtle choices of various state legislatures and allows for identifying distinctions that would not be clear from examining a single statute alone, including considerations of outside sources and influences on legislative text. This comparative approach to statutory interpretation is buttressed by a discussion of the dueling theories of textualism and intentionalism, the effects that the origin of statutory language should have on interpretation, and the application of lessons from social science research about language comprehension. This Article advocates for a uniform approach to data breach laws, especially as they relate to prevention, notification, and enforcement.
Recommended Citation
Carol M. Hayes,
Comparative Analysis of Data Breach Laws: Comprehension, Interpretation, and External Sources of Legislative Text,
23
Lewis & Clark L. Rev.
1221
(2020).
Available at:
https://lawcommons.lclark.edu/lclr/vol23/iss4/4