Supply Chain Attack Targets Face Array of Disclosure Mandates

Wednesday, December 23, 2020

Brian Kint discusses when businesses are required to notify customers about the cyberattack that hit the U.S. government and the public sector in Bloomberg Law. As businesses work to determine the extent of the attack, they are also left grappling with varying state and data breach notification laws and other disclosure requirements. After determining if a they were a victim of a cyberattack and taking the necessary measures to prevent future attacks, businesses need to determine if they are required to notify consumers under state law.

According to Brian, loss of a data set containing consumers’ name and dates of birth may not trigger notification requirements in some states because it is unlikely to pose financial harm or an identity risk.

“If there’s no substantial risk of harm, you may not have to take on notification,” depending on the state, Brian said.


To read the full article, click here

Related Practice Areas

Keep up-to-date with the latest news from Cozen O'Connor

Enter your City or Zip.

Probably shouldn't change this:
Sign up to receive alerts, publications, and event / webinar invites.

By submitting your contact information, you are giving Cozen O'Connor consent to contact you via email.