How to Respond to a Data Breach

By Joe Keenan

Where it becomes tricky is that there's no uniformity across the state laws, Einstein noted. For example, in Massachusetts retailers can not describe the nature of a breach when notifying the state's attorney general and affected customers, yet in Maryland the law says that retailers must describe the nature of the breach when notifying the state's attorney general and affected customers. To help with the confusion, Einstein suggested that retailers have a templated letter ready to go for each state (with inserts for common info). State laws also differ in many cases around notification requirements - timing, method (email, mail), what constitutes "personally identifiable information," etc.

« Previous 1 2 3 4 5 All Next »

0 Comments

View Comments

People:
Martin Einstein

Joe Keenan Author's page Joe Keenan is the executive editor of Total Retail. Joe has more than 10 years experience covering the retail industry, and enjoys profiling innovative companies and people in the space.