Thirty-Day Data Breach Notification Is a Good First Step
Posted in: UncategorizedDuring his State of the Union address earlier this month, President Barack Obama called for legislation to guard against cyber attacks, identity theft and to “protect our children’s information.” Earlier in January, his administration proposed a national breach notification law that requires companies to notify consumers within 30 days of discovering that their personal information was hacked. This legislation in various forms has floated around Congress for years, but the recent outbreak of high profile security breaches at companies like Sony and Target could be the impetus needed for the bill to finally pass.
Every state’s laws are unique and so any business operating across state lines has to navigate through a tangled and confusing web of regulations. In the age of ecommerce, this is a challenge faced by millions of businesses. This federal law is an effort to create a minimum standard and more cohesive policies that make it easier for businesses to adhere to breach notification laws across states.
The 30 days is sufficient time to identify the impact of a breach, but how to best notify the consumer when a breach occurs will still take time to iron out.
Post a Comment