- 2011 saw a rise in data security breaches and states passing laws requiring companies to notify customers of breaches and implement reasonable security measures like encryption. - States like Massachusetts, Nevada, Washington and Minnesota have passed laws regarding encryption, payment card data storage, and reimbursing banks for costs after breaches. - The SEC issued guidance for public companies to disclose cybersecurity risks and incidents that could materially impact their business. - The Mobile Marketing Association published mobile app privacy policy guidelines around what user data is collected and how it is used.