Louisiana Data Breach Notification Package

(Compliant with La. Rev. Stat. Ann. §§ 51:3071–3077 (2024))

[// GUIDANCE: This template provides two coordinated letters—one to the Louisiana Attorney General (“AG Notice”) and one to impacted Louisiana residents (“Consumer Notice”). Both letters track the statutory content requirements, 60-day timing rule, and AG-filing process under Louisiana’s Database Security Breach Notification Law. Insert the same core incident facts in each letter to maintain consistency and reduce litigation risk.]

TABLE OF CONTENTS

1. AG NOTICE—FORMAL LETTER TO LOUISIANA ATTORNEY GENERAL
   1.1 Document Header
   1.2 Definitions
   1.3 Operative Provisions
   1.4 Representations & Disclaimers
   1.5 Contact & Execution Block

2. CONSUMER NOTICE—LETTER TO AFFECTED INDIVIDUALS
   2.1 Document Header
   2.2 Definitions (Plain-Language)
   2.3 Incident Description
   2.4 Information Involved
   2.5 Protective Measures Already Taken
   2.6 Steps You Can Take
   2.7 Contact & Execution Block

1. AG NOTICE—FORMAL LETTER TO LOUISIANA ATTORNEY GENERAL

1.1 Document Header

[COMPANY LETTERHEAD]
[Street Address]
[City, State ZIP]
[Phone] | [Email]

[VIA CERTIFIED MAIL & EMAIL]

[DATE]

The Honorable [NAME]
Office of the Louisiana Attorney General
Consumer Protection Section
P.O. Box 94005
Baton Rouge, LA 70804
Email: [email protected]

Re: Notice of Data Security Breach – La. Rev. Stat. Ann. §§ 51:3071–3077

1.2 Definitions

The following terms, when capitalized, have the meanings set forth below and apply throughout this AG Notice:

a. “Company” – [LEGAL NAME], a [STATE OF INCORP.] [ENTITY TYPE].
b. “Breach” – The unauthorized acquisition of Personal Information, discovered on [DISCOVERY DATE].
c. “Personal Information” – The data elements defined in La. Rev. Stat. Ann. § 51:3073(4), specifically: [LIST OF DATA ELEMENTS].
d. “Impacted Individuals” – [TOTAL NUMBER] Louisiana residents whose Personal Information was or is reasonably believed to have been acquired.

1.3 Operative Provisions

1. Breach Description
   1.1 Date(s) of Incident: [INCIDENT DATE RANGE]
   1.2 Date Discovered: [DISCOVERY DATE]
   1.3 Nature of Incident: [UNAUTHORIZED ACCESS / HACK / PHISHING / OTHER], resulting in exposure of Personal Information described in § 1.2(c).
   1.4 Systems Affected: [NETWORK SEGMENT / APPLICATION / THIRD-PARTY HOST].

2. Scope of Impact
   2.1 Total Impacted Individuals: [TOTAL NUMBER] (of which [LA RESIDENTS] are Louisiana residents).
   2.2 Other Jurisdictions Notified: [YES/NO]; if yes, list.
   2.3 Consumer Reporting Agencies Notified pursuant to La. Rev. Stat. Ann. § 51:3074(E): [YES/NO]; if yes, date of notice and agencies.

3. Timing Compliance
   3.1 This notice is provided within sixty (60) days of discovery of the Breach, in conformity with La. Rev. Stat. Ann. § 51:3074(A).
   3.2 Reasons for any delay (if applicable under § 51:3074(A)(2)) – [LAW-ENFORCEMENT REQUEST / DETERMINATION OF SCOPE / RESTORATION OF INTEGRITY].

4. Remediation Measures
   4.1 Containment: [STEPS TAKEN — E.G., PASSWORD RESETS, SERVER ISOLATION].
   4.2 Technical Safeguards Implemented Post-Breach: [ENHANCED ENCRYPTION, MFA, ETC.].
   4.3 Consumer Relief: [OFFERED 12-MONTH CREDIT MONITORING / ID-THEFT INSURANCE] at no cost.

5. Notification to Individuals
   5.1 Method(s): [WRITTEN LETTER / EMAIL / SUBSTITUTE NOTICE AS PER STATUTE].
   5.2 Date of Commencement: [MAILING DATE], concurrent with this AG Notice.
   5.3 Sample Consumer Notice attached as Exhibit A.

1.4 Representations & Disclaimers

1. Accuracy. Company represents that, to the best of its knowledge and based on an ongoing investigation, the information contained herein is accurate as of the Effective Date.
2. Continuing Investigation. Company reserves the right to supplement or amend this AG Notice as additional facts are discovered.
3. No Admission. This AG Notice is provided pursuant to statutory duty and does not constitute an admission of liability, fault, or wrongdoing.

1.5 Contact & Execution Block

Respectfully submitted,

[AUTHORIZED SIGNATORY NAME]
[Title]
[COMPANY NAME]

Direct Line: [PHONE]
Email: [EMAIL]

2. CONSUMER NOTICE—LETTER TO AFFECTED INDIVIDUALS

[// GUIDANCE: Use plain-language for consumers; avoid legal jargon that may confuse recipients.]

2.1 Document Header

[COMPANY LETTERHEAD]
[ADDRESS]
[TOLL-FREE HELPLINE] | [EMAIL] | [WEBSITE]

[DATE]

Important Notice About Your Personal Information

2.2 Definitions (Plain-Language)

• “Company” means [COMMON NAME].
• “Personal Information” means information that identifies you, such as your Social Security number or driver’s license number.
• “Breach” means someone outside the Company got access to your Personal Information without permission.

2.3 Incident Description

On [DISCOVERY DATE], we learned that an unauthorized party gained access to certain Company computer systems between [INCIDENT DATE RANGE]. During that time, files containing some of your Personal Information were accessed or could have been accessed.

2.4 Information Involved

Based on our investigation, the following types of Personal Information related to you were involved:
• [☐ Social Security number]
• [☐ Driver’s license / state ID number]
• [☐ Financial account number]
• [☐ Medical information]
• [Other].

We have no evidence that any of this information has been misused, but we are notifying you out of an abundance of caution and in compliance with Louisiana law.

2.5 Protective Measures Already Taken

• We secured the affected systems and engaged a leading cybersecurity firm.
• We reported the matter to law enforcement and the Louisiana Attorney General.
• We are offering you [12] months of free credit monitoring and identity theft protection through [SERVICE PROVIDER]. Instructions for enrollment appear below.

2.6 Steps You Can Take

1. Enroll in Free Credit Monitoring
   • Visit: [URL]
   • Activation Code: [CODE]
   • Deadline: [MM/DD/YYYY]

2. Review Your Account Statements and Credit Reports
   • Obtain free credit reports at www.annualcreditreport.com or 1-877-322-8228.

3. Place a Fraud Alert or Credit Freeze (Optional)
   • Contact Equifax 1-800-525-6285, Experian 1-888-397-3742, TransUnion 1-800-680-7289.

4. Additional Resources
   • Federal Trade Commission: www.IdentityTheft.gov or 1-877-438-4338.
   • Louisiana Attorney General Consumer Protection Hotline: 1-800-351-4889.

[// GUIDANCE: The above satisfies La. Rev. Stat. Ann. § 51:3074(C)(1)(a)–(f) content requirements.]

2.7 Contact & Execution Block

If you have any questions, please contact us at [TOLL-FREE NUMBER] (Monday–Friday, 8 a.m.–8 p.m. CT) or email us at [EMAIL].

Sincerely,

[AUTHORIZED SIGNATORY NAME]
[Title]
[COMPANY NAME]

Exhibit A – Sample Consumer Notice

[Attach a copy of Section 2 (Consumer Notice) verbatim, as required by La. Rev. Stat. Ann. § 51:3074(B)(1)(b).]

[// GUIDANCE:
1. Timing: Mail/email both letters no later than 60 days after discovery to avoid statutory penalties (up to $5,000 per violation).
2. Method: Retain proof of mailing (certified mail, certificate of mailing, or verifiable email logs).
3. Recordkeeping: Maintain a breach incident file—including forensic reports, copies of notices, and mailing lists—for at least five (5) years for potential AG audit or litigation defense.
4. Insurance: Promptly notify cyber-liability carrier; coverage often requires insurer consent before offering credit monitoring.
5. Multi-State Breach: If residents of other states are impacted, incorporate those states’ additional content/timing rules or send separate variant notices.]