Yes. California implemented breach notification law in 2003, and there are now over 38 states that have similar laws in place. See www.privacyrights.org for more detail on state laws.
Articles in this section
- How do I become PCI Compliant?
- What are the PCI compliance levels and how are they determined?
- If I only accept credit cards over the phone, does PCI still apply to me?
- My business has multiple locations; is each location required to validate PCI compliance?
- Are debit card transactions in scope for PCI?
- Am I PCI compliant if I have an SSL certificate?
- What are the penalties for noncompliance?
- What is defined as ‘cardholder data’?
- What is the definition of merchant?
- What constitutes a payment application?