Heather L. Buchta quoted in article “SMB Awareness of Breach Notification Laws”Software Advice 02/18/15
Following is an excerpt:
Failing to abide by a state’s data breach law can result in financial penalties, which, says Buchta, also vary: In Florida, for instance, these can start at $1,000 each day for the first 30 days, maxing out at $500,000. Other states specify penalties ranging from $10,000 up to $150,000 per incident—while still others may specify damages of $250 to $2,500 “per violation,” which may mean per individual not notified.
Buchta adds that in some cases, state attorneys general may get involved, and that many allow for private rights of action, “which, of course, can lead to class-action lawsuits.”