Adhering to a short disclosure window may mean going public with incomplete information that later could prove inaccurate, a situation that ultimately may cause more harm than good. When a breach occurs, condensing the time by which a report must be made is at odds with the need to complete a forensic investigation, which may take several months, depending on the scope of the breach. Most recently, Delaware passed an amendment, taking effect in April 2018, that includes “unique biometric data generated from measurements or analysis of human body characteristics for authentication purposes” in its data security breach statute.
![breach and clear deadline co op breach and clear deadline co op](https://s1.gaming-cdn.com/images/products/948/616x353/breach-en-clear-deadline-pc-mac-spel-steam-cover.jpg)
As biometric technology use becomes more common to allow employees to clock in at work or access financial accounts, companies and government will increasingly collect and store eye and facial scans, fingerprints and other personal biometric data, as well.īecause what is stored can be stolen, several legislatures have added biometric data theft to their breach reporting statutes. States traditionally have required citizens to be notified if their personally identifiable information (PII) - including driver’s license, credit card or Social Security numbers - has been compromised. Shorter notification deadlines are not the only changes some states have mandated. In Michigan, the penalty can run up to $750,000. Florida requires a fine of up to $500,000 if notice is not given within 180 days of the event. Fines can run into the tens or hundreds of thousands of dollars. Most states enforce the reporting deadlines by assessing civil penalties for failure to provide information within the mandated time frame.
![breach and clear deadline co op breach and clear deadline co op](https://i.ytimg.com/vi/Sq9_gEGxj_M/maxresdefault.jpg)
Several states, including New Mexico and Ohio, now require disclosure no later than 45 days after a breach is discovered.
![breach and clear deadline co op breach and clear deadline co op](http://www.mightyrabbitstudios.com/blog/wp-content/uploads/2016/05/BreachClear_WEB_Characters_03.png)
In the statutes that determine how quickly the public must learn of a breach, states generally have required notice “without unreasonable delay.” That standard permits time for companies and government agencies who experience data loss to research the scope of the breach and how it happened, preserve evidence and discover information that will help prevent future incidents.īut as breaches have become almost commonplace, some state legislatures are beginning to shorten the time frames in which breaches must be reported. Sensitive information found its way into cybercriminals’ hands in more than two dozen major security breaches in 2017, and the rising frequency of cyberattacks is driving a shift in thinking about data breach reporting.