And finally, states are taking action... until recently, only the state of California had laws in place that require institutions to disclose sensitive information breaches to their customers. As of June 20 of this year, 35 states have similar laws in place. You can find the complete list with a summary of the laws here.