Financial Institutions operating in the United States face two sets of breach notification requirements (BNR): one established by the Gramm-Leech Bliley Act (GLBA), and the other by state law. Currently, the GLBA sets a minimum BNR, allowing states to develop higher standards.1 For example, while under the GLBA an institution is only responsible for notifying…