As information technology has become more ubiquitous and pervasive, assurance and security concerns have escalated; in response, we have seen noticeable growth in public policy aimed at bolstering cybertrust. With this growth in public policy, questions regarding the effectiveness of these policies arise. This chapter focuses on policy analysis of the state data breach disclosure laws recently enacted in the United States. The state data breach disclosure laws were chosen for policy analysis for three reasons: the rapid policy growth (the United States have enacted 45 state laws in 6 years); this is the first instantiation of informational regulation for information security; and the importance of these laws to identity theft and privacy. The chapter begins with a brief history in order to provide context. Then, this chapter examines the way in which historical, political and institutional factors have shaped our current data breach disclosure policies, focusing on discovering how patterns of interaction influenced the legislative outcomes we see today. Finally, this chapter considers: action that may result from these policies; the action type(s) being targeted; alternatives that are being considered, and; potential outcomes of the existing and proposed alternative policies.