Multiple US States Enact Stricter 30-Day Data Breach Notification Laws

Cybersecurity remains a critical area of focus in 2025, with evolving state and federal regulations emphasizing stricter breach notification deadlines and enhanced security safeguards embedded within privacy laws, particularly in states like California, New York, and Oklahoma. Bank of America is actively strengthening its data protection capabilities through an Information Security Transformation Lead role, focused on advancing Data Loss Prevention (DLP) across multiple channels to counter sophisticated threats and meet regulatory demands. High-profile data breaches continue to underscore the risks, as exemplified by the 2015 Ashley Madison hack, which exposed millions of users' sensitive information, leading to significant personal and legal repercussions. These incidents highlight the importance of timely detection and response to data exposures "in the wild," a concept critical for understanding active exploitation beyond controlled environments. Additionally, concerns extend beyond traditional breaches to include the handling of personal travel information, as investigations reveal airlines sharing passenger data with federal agencies, raising privacy and security questions. Collectively, these developments illustrate the dynamic challenges and responses shaping data security and privacy landscapes today.