Increasingly, c-suite executives and board members have questions about their companies' cybersecurity practices — or lack thereof. This monthly series for The Privacy Advisor is intended to provide high-level answers to some of those questions, specifically focusing on the development of cybersecurity policies, incident-response plans, liability of board members and executives for data breaches and the attorney-client privilege for cybersecurity investigations. In part five, Jeffrey Kosseff, CIPP/US, discusses what to do if your company has had a data breach: Whom do you notify? "Companies must pay careful attention to all state breach notification laws. Failure to adhere to the requirements can result in state regulatory investigations and significant fines. And about a dozen states allow customers to bring private lawsuits against companies that fail to provide the required notice," Kosseff writes.
If you want to comment on this post, you need to login.