In the Event of a Data Breach, What Do You Tell Your Customers?


With the current announcements of personal information data breaches, it seems to be happening quite frequently. Some of the most-known data breaches of personal information are: Anthem, Ashley Madison, Ebay, JP Morgan Chase, Sony Pictures Entertainment, and Tricare.

The most recent announcement came from Verizon Enterprise Solutions data breach, their massive data breach affected more than 1.5 million customers of their computer security wing.  This breach caused a major ripple effect since this particular division of Verizon helps other corporations when they are victims of data breaches.

When a data breach occurs, according to the Security Breach Notification Laws…

“Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information. Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).”

For more information, state-specific laws are listed at the bottom of the page.

How do cybercriminals target devices for the data that they store? It’s based on how easy you are to exploit and how clear of a path you have to critical systems and valuable data. Malware was a factor in over 50% of all personal information data breaches. The cybercriminals use it as part of the initial compromise in order to capture the valuable data thus allowing them to “leapfrog” into other systems and extract the info and cover their tracks.

AlertOps has multiple ways to notify you; although we can’t stop a person information data breach from happening we can ensure that you receive the proper notifications to manage the service levels.  With AlertOps’ workflows helping to manage escalations, so if and when a data breach occurs, AlertOps can trigger notifications to people and systems simultaneously.  AlertOps will send reminders to the incident owners at regular intervals along with sending reminders based off of an SLA deadline.  Allowing you to trigger other flows, such as changing the control processes needed to resolve major data breach incidents.

AlertOps’ SLAs are set based on priority and severity levels, which allows you to create over rides when needed.  AlertOps’ message rules and workflow engines give you the flexibility to configure and enhance your incident management solution to fit your needs and prevent personal information data breaches.

State Citation
Alaska Alaska Stat. § 45.48.010 et seq.
Arizona Ariz. Rev. Stat. § 44-7501
Arkansas Ark. Code § 4-110-101 et seq.
California Cal. Civ. Code §§ 1798.291798.80 et seq.
Colorado Colo. Rev. Stat. § 6-1-716
Connecticut Conn. Gen Stat. § 36a-701b2015 S.B. 949, Public Act 15-142
Delaware Del. Code tit. 6, § 12B-101 et seq.
Florida Fla. Stat. §§ 501.171282.0041282.318(2)(i)
Georgia Ga. Code §§ 10-1-910, -911, -912; § 46-5-214
Hawaii Haw. Rev. Stat. § 487N-1 et seq.
Idaho Idaho Stat. §§ 28-51-104 to -107
Illinois 815 ILCS §§ 530/1 to 530/25
Indiana Ind. Code §§ 4-1-11 et seq.24-4.9 et seq.
Iowa Iowa Code §§ 715C.1, 715C.2
Kansas Kan. Stat. § 50-7a01 et seq. 
Kentucky KRS § 365.732, KRS §§ 61.931 to 61.934 
Louisiana La. Rev. Stat. §§ 51:3071 et seq.40:1300.111  to .116
Maine Me. Rev. Stat. tit. 10 § 1347 et seq.
Maryland Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
Massachusetts Mass. Gen. Laws § 93H-1 et seq.
Michigan Mich. Comp. Laws §§ 445.63445.72
Minnesota Minn. Stat. §§ 325E.61325E.64
Mississippi Miss. Code § 75-24-29
Missouri Mo. Rev. Stat. § 407.1500
Montana Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq.33-19-321
Nebraska Neb. Rev. Stat. §§ 87-801-802-803-804-805-806-807
Nevada Nev. Rev. Stat. §§  603A.010 et seq.242.183
New Hampshire N.H. Rev. Stat. §§ 359-C:19-C:20-C:21189:66
New Jersey N.J. Stat. § 56:8-161, -163
New York N.Y. Gen. Bus. Law § 899-aaN.Y. State Tech. Law 208
North Carolina N.C. Gen. Stat §§ 75-6175-65
North Dakota N.D. Cent. Code §§ 51-30-01 et seq.51-59-34(4)(d)
Ohio Ohio Rev. Code §§ 1347.121349.191349.1911349.192
Oklahoma Okla. Stat. §§ 74-3113.1, 24-161 to -166
Oregon Oregon Rev. Stat. § 646A.600 to .6282015 S.B. 601, Chap. 357
Pennsylvania 73 Pa. Stat. § 2301 et seq.
Rhode Island R.I. Gen. Laws § 11-49.2-1 et seq., 2015 S.B. 134, Public Law 2015-1382015 H.B. 5220, Public Law 2015-148
South Carolina  S.C. Code § 39-1-902013 H.B. 3248
Tennessee Tenn. Code § 47-18-2107; § 8-4-119 (2015 S.B. 416, Chap. 42)
Texas Tex. Bus. & Com. Code §§ 521.002521.053; Tex. Ed. Code § 37.007(b)(5); Tex. Pen. Code § 33.02
Utah Utah Code §§ 13-44-101 et seq.; § 53A-13-301(6)
Vermont Vt. Stat. tit. 9 § 2430, 2435
Virginia  Va. Code § 18.2-186.6, § 32.1-127.1:05, § 22.1-20.2
Washington Wash. Rev. Code § 19.255.01042.56.5902015 H.B. 1078, Chapter 65
West Virginia  W.V. Code §§ 46A-2A-101 et seq.
Wisconsin Wis. Stat. § 134.98
Wyoming Wyo. Stat. § 40-12-501 et seq.
District of Columbia D.C. Code § 28- 3851 et seq.
Guam  9 GCA § 48-10 et seq.
Puerto Rico 10 Laws of Puerto Rico § 4051 et seq.
Virgin Islands  V.I. Code tit. 14, § 2208