As consumers, we entrust major organizations with information about our finances, our health, and our identities, and that trust must be assured. However, legislators and consumer advocates calling for businesses to more quickly notify authorities and consumers about a data breach are misguided.
A recent Seattle Times editorial called for more rapid data-breach notification in the wake of Seattle-based Premera Blue Cross disclosing its breach 42 days after discovering the incident. On April 13, Washington State passed legislation compelling businesses to notify the public of a data breach incident notification within 45 days, down from the prior 60-day period. Wisely, the law incorporates a clause allowing for law enforcement to request a delay in order to maintain the integrity of the investigation, and it’s important for all of those pushing for consumer rights to understand why this is essential.
Download the full advisory now.