« Previous Post | Blog Home | Next Post »

AIG breach disclosed 3 months after theft

Posted on Jun 26, 2006 by Tom Fragala

InformationWeek has an article about how the data breach notification laws often result in extended times for disclosure. The AIG breach was made public over three months after the theft of the equipment.

Companies can use considerable discretion in how fast, how broadly, and under what conditions they must disclose customer data breaches, since the laws vary widely from state to state. Businesses with customers in states with data-breach disclosure laws generally are required to notify customers as soon as possible after discovery of a data breach. But state laws don't set a specific time within which companies must comply, using language like "without unreasonable delay" and "the most expedient time possible." Most of the 33 state laws say law enforcement can delay customer notification if that would impede an investigation…

Filed under: Data Breach, Identity Theft

Subscribe to posts

Subscribe to comments

Sign up for myTruston®

Subscribe to our newsletter

AIG breach disclosed 3 months after theft

Posted on Jun 26, 2006 by Tom Fragala

Comments

Post a Comment