The Governor of Maine is looking at enacting the tightest data privacy law. But in looking at the issue the Mondaq News provides a nice outline of the laws here…

Nevada and Minnesota have enacted similar laws. The Nevada statute (Nevada Revised Statutes section 205.498) makes an Internet provider’s disclosure of confidential information a misdemeanor and provides for a fine between $50 and $500 per violation. The Minnesota law (Minnesota Statutes sections 325M.01–09) requires ISPs to take “reasonable steps to maintain the security and privacy of a consumer’s personally identifiable information” and allows for civil actions by consumers, but not class actions. The Minnesota law prohibits the disclosure of personally identifiable information except as incident to the ordinary course of business of the service provider, in response to a court order, subpoena, or warrant, to another Internet service provider under certain circumstances, or by authorization of the consumer.  Under an exception created by another Minnesota statute, cited in the privacy statute, personally identifiable information may be disclosed to law enforcement if it qualifies as contents of electronic communications “that appear to pertain to the commission of a crime” and that “were inadvertently obtained by the service provider.”