Security Breach Notifications
Report and review Iowa security breach notifications.
This page helps businesses, attorneys, compliance professionals, and consumers find security breach notification information filed with the Iowa Attorney General’s Office.
Review reporting information, browse notices by year, and jump to the correct annual records page.
Choose a year to review submitted breach notices.
Use the selector below to choose an annual records page.
Where to send notice
Send security breach notifications to the Consumer Protection Division.
Important reporting reminder
This page provides annual notice archives and a general overview of Iowa’s reporting framework. Businesses should review Iowa law and any applicable federal requirements before submission.
- Confirm the number of affected Iowa residents.
- Confirm when consumer notice was or will be sent.
- Identify the type of personal information involved.
- Review whether separate federal reporting obligations also apply.
Information for filers, reviewers, and the public.
Businesses & organizations
Use this page to understand the reporting pathway, browse year archives, and review prior filings.
Attorneys & compliance teams
Use the annual pages to review posted notices and archived filings.
Consumers & media
Use the annual pages to review notices received by the office and identify organizations that submitted them.
Overview of Iowa’s reporting framework.
Iowa resident threshold
If a breach requires notice to more than 500 Iowa residents, written notice must also be sent to the Iowa Attorney General.
Timing
The Attorney General notice is due within five business days after notice is given to consumers.
Consumer notice content
Iowa law identifies minimum content requirements, including a description of the breach, approximate date, information involved, credit reporting agency contact information, and advice about reporting identity theft.
Federal overlap
Some entities may have separate or substitute federal obligations, including under GLBA or HIPAA, depending on the business and data involved.
Records are organized by year. Within that year, notices and supplemental documents are ordered and dated on the date in which we received the notice from the business.
Start here
Start here, then choose a specific year.
Select a year
Choose a specific annual archive using the year selector or year cards below.
Review entries
Open that year page to review posted breach notices and any linked documents.
Move between years
Each year page includes the same selector and a return button back to this main hub.
Common questions about security breach notices and annual archives.
Filers should promptly secure systems, determine the scope of the incident, review applicable law, and coordinate internal, forensic, and legal response steps before finalizing notices.
In some situations, yes. Depending on the entity and the data involved, federal requirements such as HIPAA or the FTC Safeguards Rule may apply in addition to, or as part of, the overall breach response framework.
Each annual page can list the date reported, organization name, and direct links to the posted breach notice documents or detailed entries for that year.
Consumer Protection Division contact information
For filing direction or general assistance, contact the Iowa Attorney General’s Consumer Protection Division.
