George’s breach notification law was enacted in 2005. The law requires all entities, aside from select governmental agencies, that collect and process personal information to inform residents of any breach that occurs as a result of the unauthorized access of personal information. The law specifically states that businesses must take action within a reasonable timeframe “in the most expedient time possible and without unreasonable delay…”
For third parties who manage information for businesses, such as cloud providers or value-added resellers, the time required to notify affected individuals is clear: Within 24 hours of the discovery of the breach, if personal information is believed to have been disclosed.
Would you be prepared to notify consumers according to the law?
Every business must make sure they’re prepared to notify consumers according to the law. This means taking action in a reasonable timeframe, as well as ensuring you’ve taken action appropriately depending on how many individuals have been impacted:
- Under 10,000 people: Send the notification to each individual whose information was disclosed.
- Over 10,000 people: Send the notification to the Consumer Protection Bureau.
In the event of a breach impacting over 10,000 people, you’re subject to public shaming by the media. However, it’s vital to make sure you’re notifying those affected according to the law, in order to ensure they can take appropriate measures to prevent identity theft:
- Determine what information was stolen
- Change any and all affected passwords
- Get in touch with relevant financial institutions
- Contact the credit reporting bureaus
- Retain some type of credit monitoring
Cohn Consulting Corporation knows laws relating to the confidentiality and security of personal information are complex and confusing. We’re here to help you stay on track to avoid the aftermath of a breach. Call (770) 321-5532 or email us at firstname.lastname@example.org to find out more.
Daniel S. Cohn
Cohn Consulting Corporation
“Your Professionalism with this situation at the Zero hour is definitely a rarity. Your team’s response was to take on a project that you had no prior knowledge of other than a customer was in a tight spot and needed assistance.”