Most companies have come to appreciate that, regardless of their industry, prominence or information they possess, they are a potential target of a cyberattack. However, companies often overlook another recent development in this area: the speed with which they must now respond to these attacks to limit their liability exposure.
When cyberattacks first began to occur, companies could often control the timing of when they disclosed the attack to their customers, shareholders and the general public. Companies could be reasonably confident that until they disclosed the attack, there was little chance the incident would become public. In addition, while certain state data-breach notification laws specified the time frame within which customers must be notified of the breach, most states provided only loose parameters. California, for example, requires disclosure "in the most expedient time possible and without unreasonable delay," but also allows a company to account for "any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system." Calif. Civ. Code § 1798.29(a).
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
