There’s no national data breach notification law, but odds are your organization is still required to take action after a security incident.
After a data theft, it’s important for companies to perform a proper breach notification. However, a recent study says companies fail to report key information after they’re breached.
Most businesses are already required by state law to notify affected people after a data breach, but a new proposed data breach notification law in Congress could make compliance easier and less complicated.
In October of last year, the SEC issued guidelines telling publicly traded companies when they must report details of a cybersecurity attack. But eight months later, companies are still not being honest about breaches and other incidents, according to a recent report.
When businesses are hit with data breaches, they face not only legal fees and other clean-up costs, but also potential lost business and damages to the organization’s reputation. Those costs can be significant, which is why it’s critical to respond properly after a breach.
It’s almost inevitable that a company will become the victim of a data breach at some point. But there are some steps organizations can take to minimize the harm those incidents cause.
Despite recent guidance from the federal government explaining when publicly traded companies must disclose details about information security incidents, many companies are failing to do so, according to a new report.