For whichever U.S. state you are currently residing in(state – Kansas), research its breach notification law. Note that some states do not label it as such, but all 50 states have some form of legislation that mandates an organization’s responsibilities when a data breach affects the state’s citizen’s private, protected information.
What types of organizations or individuals does it apply to?
Is it limited to only those organizations or individuals who reside or exist in that state, or might it affect external interests?
How does the law define or describe the information that it protects, by both name and description?
What exemptions, if any, exist?
What are the penalties for violating the law?
In your opinion, is it effective? Good law? Needing updating? What other critiques or opinions do you have about it?