The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii) driver’s license number or state-issued identification card number, (iii) account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account. The general definition generally applies to computerized data that includes personal information and usually excludes publicly available information that is lawfully made available to the general public from federal, state or local governments or widely distributed media. When a statute varies from this general definition, it will be pointed out and underlined in the chart.

The term “security breach” is used in this chart to capture the concept variably described in state statutes as a “security breach,” “breach of the security,” breach of the security system,” or “breach of the security of the system,” among other descriptions.