Did You Suffer a Data Breach and What Are Your Notice Obligations?
Much like many aspects of life, when a business confirms it has suffered a data breach (not just an incident where the business would lack the statutory and potential regulatory notification obligations), the hardest part is sometimes figuring out where to begin. An effective response strategy involves a quick yet thorough assessment of key factors that affect a business' notification obligations. Implementing an appropriate response once a breach has been confirmed requires answers to fundamental questions: How did the incident or breach occur? Was the compromise contained? When did it happen? When was it discovered? What type of information was compromised? Who must be notified? When must notification be given? What constitutes adequate notice?