Breach Notification: Who, When, Why

by Sarah Harvey / April 24th, 2019

With GDPR, CCPA, PIPEDA, HIPAA, and the numerous other state-level data privacy laws going into effect, it is understandable why many organizations don’t know where to start with their breach notification processes. In fact, even if your organization is compliant with these laws and regulations, knowing what to do when a breach happens can be tricky. In this webinar, our Director of Regulatory Compliance, Mark Hinely, explains who needs to be notified of a breach, when they need to be notified, and why breach notification is important. Watch now to learn about the following key takeaways:

  • Why breach notification is unavoidable
  • How breach notification can be simplified
  • How breach notification can be good for brand management

The Importance of Understanding Breach Notification Requirements

Unfortunately, data beaches are an incredibly common experience. This is why understanding the who, when, and why of breach notification best practices is essential. The likelihood that your organization will experience a data breach is only a matter of when, not if, it’ll happen, so it’s critical that you’re prepared and have an effective, actionable process in place to know what to do when it happens.

High-Profile Breach Notification Laws vs. US Breach Notification Laws

High-profile breach notification laws, such as GDPR, CCPA, PIPEDA, and HIPAA, all have specific requirements for notifying the public of breaches, but many of their requirements are similar or even overlap. On the other hand, the US has more than 50 specific state breach notification laws, all of which are much different than the high-profile breach notification laws. For example, more states are moving towards specific notification timelines (i.e. Colorado gives 30 days and Arizona gives 45 days) compared to more generic timelines, like those of CCPA and PIPEDA. States are also requiring more data elements like resident names, biometric data, military information, and IP addresses during the breach notification process. Finally, many states are enforcing sector-specific notification requirements, such as New York who recently implemented NY CRR 500, which requires breach notification laws for the financial industry; South Carolina who has breach notification requirements for insurers; and Virginia who has breach notification requirements for tax preparers.

Ready to learn more about how your organization can improve your breach notification processes? Want to find out how breach notification can actually be good for business? Watch the full webinar now. To learn more about how KirkpatrickPrice can help you develop your breach notification process, contact us today.

For additional information about the developments of breach notification laws, visit the National Conference of State Legislatures.