Brian Kint discusses when businesses are required to notify customers about the cyberattack that hit the U.S. government and the public sector in Bloomberg Law. As businesses work to determine the extent of the attack, they are also left grappling with varying state and data breach notification laws and other disclosure requirements. After determining if a they were a victim of a cyberattack and taking the necessary measures to prevent future attacks, businesses need to determine if they are required to notify consumers under state law.
According to Brian, loss of a data set containing consumers’ name and dates of birth may not trigger notification requirements in some states because it is unlikely to pose financial harm or an identity risk.
“If there’s no substantial risk of harm, you may not have to take on notification,” depending on the state, Brian said.
To read the full article, click here.