All 50 states have now passed data breach laws that hold companies accountable when their databases are compromised by cybercriminals. The type of data breach that triggers the responsibility to notify users varies by state. However, all 50 states include the following:
First name/initial and last name AND:
- Social Security number (SSN) or
- Driver’s license number, state ID # or
- Account number, credit or debit card number, combined with a PIN and password or access code
Federal Laws May Be On the Horizon
Federal laws for data breach notification have been under discussion for some time. In fact, according to a recent Politico article, the Treasury has asked Congress to enact a federal law to safeguard consumer financial data.
Why Some Companies Are Hiring Hackers
“We are constantly sharing our private information through the internet, which can leave us vulnerable and eventually exploited by third parties. Whether you are trying to find a way to protect yourself or your loved ones before any harm is done or whether you are looking to restore your stolen data, Hackershire is offering you a way to hire a hacker through a simple click of a button,” according to Hackershire, an online forum matching ethical hackers to companies and individuals looking to recover or prevent theft of their personal information.
Sample Notice Requirement: California
The various state laws detail how quickly companies must notify clients of a data breach. The most prevalent time frame is 30 to 60 days. This gap is meant to give companies time to track down the hacker(s) responsible for the stolen data. All states require different information to be included in customer communications regarding the breach:
1. Name and contact at the company
2. A list of personal information at risk
3. The date of the breach, if known.
4. Whether notification was held up due to a law enforcement investigation.
5. A general description of the incident (what happened)
6. The toll-free telephone numbers and addresses of the major credit reporting agencies, to prevent further identity theft
Hiring an ethical hacker and learning what your firm can do to prevent data breaches are ways that you can prevent the embarrassment of sending a notification to clients and possibly ending up in a class action suit.