Skip to main content
Iowa Attorney General
Main Content

Security Breach Notifications

Anyone who encounters a security breach that affects at least 500 Iowa residents must provide written notice to the Attorney General’s Consumer Protection Division Director within five business days after notifying affected people.

Iowa law (Iowa Code Chapter 715C) defines a security breach as any unauthorized acquisition of personal information “maintained by a person in any medium, including on paper, that was transferred by the person to that medium from computerized form and that compromises the security, confidentiality, or integrity of the personal information.”

Personal information includes a Social Security number, driver’s license or unique government identification number, financial account number, credit or debit card number in combination with a required expiration date or other password or security code that would permit access to a person’s financial account, and unique biometric data.

Personal information includes information that is encrypted, redacted, or somehow altered so that it is unreadable, if the keys to unencrypt, remove redactions, or otherwise read the information, have also been obtained through the breach.

The Consumer Protection Division maintains all security breach notifications filed since the law took effect on July 1, 2014.





Consumer Protection Division
Security Breach Notifications
Office of the Attorney General of Iowa
1305 E. Walnut Street
Des Moines, Iowa 50319-0106

Quick Exit
© 2024 State of Iowa Office of the Attorney General. All rights reserved.