New laws in many states require protection of personally identifiable customer data, not just notification after a security breach. Even if a company is not located in an affected state, the laws will apply if the company maintains data from residents of that state. Due to the proliferation of personally identifiable data like credit card numbers, businesses from self-employed service providers to large enterprise companies need to take measures to be in compliance.