What is “Expedient” Notification of a “Data Breach?”

Craig Hoffman and Charlie Shih write:

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred.  Except for a couple of states that require notification to occur no later than 45 days after discovery, there is not a bright-line, objective answer.  Most state breach notification laws require notification to occur as soon as reasonably possible and without undue delay subject to some qualifications.

Read more on Data Privacy Monitor.

About the author: Dissent

Comments are closed.