In the Event of a Data Breach, What Do You Tell Your Customers?


With the current announcements of personal information data breaches, it seems to be happening quite frequently. Some of the most-known data breaches of personal information are: Anthem, Ashley Madison, Ebay, JP Morgan Chase, Sony Pictures Entertainment, and Tricare.

The most recent announcement came from Verizon Enterprise Solutions data breach, their massive data breach affected more than 1.5 million customers of their computer security wing.  This breach caused a major ripple effect since this particular division of Verizon helps other corporations when they are victims of data breaches.

When a data breach occurs, according to the Security Breach Notification Laws…

“Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information. Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).”

For more information, state-specific laws are listed at the bottom of the page.

How do cybercriminals target devices for the data that they store? It’s based on how easy you are to exploit and how clear of a path you have to critical systems and valuable data. Malware was a factor in over 50% of all personal information data breaches. The cybercriminals use it as part of the initial compromise in order to capture the valuable data thus allowing them to “leapfrog” into other systems and extract the info and cover their tracks.

AlertOps has multiple ways to notify you; although we can’t stop a person information data breach from happening we can ensure that you receive the proper notifications to manage the service levels.  With AlertOps’ workflows helping to manage escalations, so if and when a data breach occurs, AlertOps can trigger notifications to people and systems simultaneously.  AlertOps will send reminders to the incident owners at regular intervals along with sending reminders based off of an SLA deadline.  Allowing you to trigger other flows, such as changing the control processes needed to resolve major data breach incidents.

AlertOps’ SLAs are set based on priority and severity levels, which allows you to create over rides when needed.  AlertOps’ message rules and workflow engines give you the flexibility to configure and enhance your incident management solution to fit your needs and prevent personal information data breaches.

AlaskaAlaska Stat. § 45.48.010 et seq.
ArizonaAriz. Rev. Stat. § 44-7501
ArkansasArk. Code § 4-110-101 et seq.
CaliforniaCal. Civ. Code §§ 1798.291798.80 et seq.
ColoradoColo. Rev. Stat. § 6-1-716
ConnecticutConn. Gen Stat. § 36a-701b2015 S.B. 949, Public Act 15-142
DelawareDel. Code tit. 6, § 12B-101 et seq.
FloridaFla. Stat. §§ 501.171282.0041282.318(2)(i)
GeorgiaGa. Code §§ 10-1-910, -911, -912; § 46-5-214
HawaiiHaw. Rev. Stat. § 487N-1 et seq.
IdahoIdaho Stat. §§ 28-51-104 to -107
Illinois815 ILCS §§ 530/1 to 530/25
IndianaInd. Code §§ 4-1-11 et seq.24-4.9 et seq.
IowaIowa Code §§ 715C.1, 715C.2
KansasKan. Stat. § 50-7a01 et seq. 
KentuckyKRS § 365.732, KRS §§ 61.931 to 61.934 
LouisianaLa. Rev. Stat. §§ 51:3071 et seq.40:1300.111  to .116
MaineMe. Rev. Stat. tit. 10 § 1347 et seq.
MarylandMd. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
MassachusettsMass. Gen. Laws § 93H-1 et seq.
MichiganMich. Comp. Laws §§ 445.63445.72
MinnesotaMinn. Stat. §§ 325E.61325E.64
MississippiMiss. Code § 75-24-29
MissouriMo. Rev. Stat. § 407.1500
MontanaMont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq.33-19-321
NebraskaNeb. Rev. Stat. §§ 87-801-802-803-804-805-806-807
NevadaNev. Rev. Stat. §§  603A.010 et seq.242.183
New HampshireN.H. Rev. Stat. §§ 359-C:19-C:20-C:21189:66
New JerseyN.J. Stat. § 56:8-161, -163
New YorkN.Y. Gen. Bus. Law § 899-aaN.Y. State Tech. Law 208
North CarolinaN.C. Gen. Stat §§ 75-6175-65
North DakotaN.D. Cent. Code §§ 51-30-01 et seq.51-59-34(4)(d)
OhioOhio Rev. Code §§ 1347.121349.191349.1911349.192
OklahomaOkla. Stat. §§ 74-3113.1, 24-161 to -166
OregonOregon Rev. Stat. § 646A.600 to .6282015 S.B. 601, Chap. 357
Pennsylvania73 Pa. Stat. § 2301 et seq.
Rhode IslandR.I. Gen. Laws § 11-49.2-1 et seq., 2015 S.B. 134, Public Law 2015-1382015 H.B. 5220, Public Law 2015-148
South Carolina S.C. Code § 39-1-902013 H.B. 3248
TennesseeTenn. Code § 47-18-2107; § 8-4-119 (2015 S.B. 416, Chap. 42)
TexasTex. Bus. & Com. Code §§ 521.002521.053; Tex. Ed. Code § 37.007(b)(5); Tex. Pen. Code § 33.02
UtahUtah Code §§ 13-44-101 et seq.; § 53A-13-301(6)
VermontVt. Stat. tit. 9 § 2430, 2435
Virginia Va. Code § 18.2-186.6, § 32.1-127.1:05, § 22.1-20.2
WashingtonWash. Rev. Code § 19.255.01042.56.5902015 H.B. 1078, Chapter 65
West Virginia W.V. Code §§ 46A-2A-101 et seq.
WisconsinWis. Stat. § 134.98
WyomingWyo. Stat. § 40-12-501 et seq.
District of ColumbiaD.C. Code § 28- 3851 et seq.
Guam 9 GCA § 48-10 et seq.
Puerto Rico10 Laws of Puerto Rico § 4051 et seq.
Virgin Islands V.I. Code tit. 14, § 2208