Most states have passed laws setting out requirements for any organization which experiences a breach of personal information. While the regulations vary, most states define a breach and require some level of notice to both a responsible party, usually the Attorney General, and to potential victims.
Importantly, these statutes generally apply to the location of the victim, not just the location of the organization. So a company doing business in multiple states is subject to the state data breach statutes of each of the states in which its customers are located.
0 comments:
Post a Comment