Why did it take so long from breach to notification? Your guess is as good as mine!

In an article I posted and we talked about across the network, it took what we think is way too long to be notified.

The first paragraph of the Databreaches article says:

Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we have seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach, identify the individuals affected, and restore the reasonable integrity of the data system.”

I’m not against the fact that we need to secure the system first, make sure the data is safe and as secure as possible before notification, but you’ll find out that in this instance, there was a huge delay.

One side of the article we’re talking about says that it took 4 months to be notified of the breach, and 2 months to notify everyone. But the article also talks about how it took over a year.

If I were running a business that got breached, I would definitely not wait an entire year to notify anyone of a breach, state or otherwise.

If it took a year for me to know there was a breach, that’s an ongoing problem. But if I was notified two months afterward, I am responsible to notify customers, stakeholders and the like of this breach as soon as possible.

The lengthy databreach article is titled “An inexcusable gap from breach to notification, or an excusable one?” and I hope that you give this a read.

Under no circumstances should it take an entire year after notification to let your customers know of a breach.

Give me a break!

