The notices should be sent or updated on a rolling and continuous basis. Once an organization is aware of the data breach it should begin notifying affected consumers, even if the total number of residents affected has not yet been determined. This means a breach may have occurred at a retailer but if the consumer used their bank issued card, the financial institution reports the breach as well. For example: In addition to the regular reporting requirements, the law also requires financial institutions to report when a debit or credit card they issue is compromised. It is important to understand that some breaches are a result of a breach from a third-party vendor or other entity. Information regarding whether law enforcement is engaged investigating the incident.Any steps intended to be taken relative to the incident subsequent to notification and.The steps already taken relative to the incident.The number of Massachusetts residents affected as of the time of notification.A detailed description of the nature and circumstances of the breach of security or unauthorized acquisition or use of personal information.Within a reasonable amount of time after either the discovery of a breach or knowledge that personal information was obtained, the business or entity that was breached must notify both the Office of Consumer Affairs and Business Regulation and the Attorney General’s Office of the breach.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |