Posts

Showing posts with the label cyberinsurance

Potential Implications after a Breach of Personal Data

In addition to the immediate operational impacts, data breaches can trigger a range of legal consequences for clients— from the obligation to provide notice to regulators, individuals, and business partners, to the burden of defending regulatory oversight investigations and class action litigation —not to mention the pressure to mitigate effects on end clients and reputational damage. In the U.S., all 50 states, as well as the District of Columbia and three of the territories, have data breach notification laws with varying requirements, but generally the entity that owns the data (called a “controller”) must notify natural persons if there is unauthorized access to certain categories of their “personal information” (which includes SSNs and financial information). If a vendor suffers a data incident, they must notify the controller, often “immediately,” after which the obligation to provide the notices to the data subjects shifts to the controller . Most industrialized countries have ...