Thirteen years after California passed the first-ever breach notification law in 2002, there are now only three states that do not have one — Alabama, New Mexico and South Dakota. While most states have embraced the need for consumer identity theft remedies and notification legislation, there are almost as many differences in each state’s law as there are states. It is within this context that the federal government has become more proactive in addressing the public outcry that immediately followed the massively invasive cyberattack on Sony Pictures Entertainment Inc. by proposing a national standard for definitions of sensitive personally identifiable information and a deadline for breach notification.
Continue reading via the View Media link.