Here is some useful info on all the US state laws related to the security which were passed in 2005/2006. The info is assembled by the Multi-State Sharing and Analysis Center (MS-ISAC).
Here is an example:
"Arkansas: An act to provide notice to consumers of the disclosure of their personal information and for other purposes. (Signed by Governor 3/31/2005, Act. 1526)
Connecticut: Requires a business to notify consumers of a breach of personal information without unreasonable delay. It prescribes the method of notice and the options and form for substitute notice. (Signed by Governor 06/08/05, Effective Date for Breach Notification section 1/1/06, Public Act 05-148)
North Dakota: Requires disclosure to consumers of a breach in security by businesses maintaining personal information in electronic form. (Signed by Governor 4/22/05, Chapter 447)"
In general, ISACs have a reputation of being a historic failed attempt at data sharing, but this one seem to be doing something useful...