What, when and how to respond to a data breach
There’s been a data breach. It happened 268 times during 2006 (according to the Privacy Rights Clearinghouse). Now, it’s happened to your organization. What do you do?
Well, you might want to obey the 33 or so state laws that govern when and how you should notify the people named in those exposed files, gently breaking it to them that, because of you, they’re now naked to identity theft. The laws are hardly copies of each other, but the standard bearer is California SB 1386. The California Office of Privacy Protection has 30 pages of recommendations on how to comply with it.
[ Read more ]