{"id":31182,"date":"2021-06-02T20:08:55","date_gmt":"2021-06-02T20:08:55","guid":{"rendered":"https:\/\/www.dvirc.org\/insights\/data-breach-notification-laws-how-to-manufacture-a-confident-response\/"},"modified":"2023-03-08T14:01:30","modified_gmt":"2023-03-08T14:01:30","slug":"data-breach-notification-laws-how-to-manufacture-a-confident-response","status":"publish","type":"post","link":"https:\/\/www.dvirc.org\/insights\/data-breach-notification-laws-how-to-manufacture-a-confident-response\/","title":{"rendered":"Data Breach Notification Laws: How to Manufacture a Confident Response"},"content":{"rendered":"

Written By: Robert Barnes<\/p>\n

With the number of reported data breaches steadily increasing every year, they are in the news so frequently that it\u2019s hard to keep them all straight. In 2017,\u00a0Equifax suffered a massive breach<\/a>, and almost 150 million customer records (representing nearly half the U.S. population) were stolen. In 2018,\u00a0Marriott International experienced a breach<\/a>\u00a0where hundreds of millions of customer records \u2013 including personal information, credit card numbers and even passport numbers \u2013 were compromised.<\/p>\n

Data breaches affect\u00a0all types of organizations<\/a>\u00a0\u2013 large and small, popular and little known. While the big company breaches make the news, you rarely hear about smaller companies that are often vulnerable and can find themselves in the crosshairs of cybercriminals. Most involve some type of hacking, such as a phishing attacks or malware, where an attacker successfully gains access to protected or private information.<\/p>\n

Data Breach Notification Laws \u2013 It\u2019s Complicated<\/h2>\n

If your manufacturing company experiences a breach, what will you do? Should you notify law enforcement right away? Notify customers? Is there anyone else to inform? How long do you have?<\/p>\n

The answers are complicated. While no comprehensive federal laws exist, each state and territory has its own data breach notification law. These laws require anyone that suffers, or even suspects, a breach to notify customers of anything involving personally identifiable information. The laws also require notifying law enforcement and taking specific steps to remedy the situation. But state laws vary considerably when it comes to the types of information covered, timing of notifications and reporting standards. Who must comply and what even constitutes personal data varies state to state. Adding to the complexity, requirements are also changing, with some states recently updating their laws.<\/p>\n

How Much Time Do I Have to Report a Data Breach?<\/h2>\n

Most data notification laws require that businesses notify customers without unreasonable delay. The length of time varies by state and industry sector. When dealing with a data breach, manufacturers have competing responsibilities \u2013 to their company, to others in the industry, to customers and to law enforcement. There are even circumstances where law enforcement is investigating a breach and it must be temporarily concealed.<\/p>\n

Prepare for Data Breaches Before They Happen<\/h2>\n

Treat data breach notification plans as you would any other disaster plan \u2013 don\u2019t wait! Since there is no single, standard response to a data breach, U.S. manufacturers must understand the specific state and federal laws that apply to them. Manufacturers must consider the laws in all states where they conduct business.<\/p>\n

Luckily, there are several excellent resources manufacturers can turn to for some clarity. Several organizations summarize state data breach laws, including\u00a0National Conference of State Legislatures<\/a>,\u00a0IT Governance<\/a>\u00a0and\u00a0Perkins Coie<\/a>.<\/p>\n

To ensure that your manufacturing company complies with data protection laws, you should stay aware of current regulations for your state and industry. A data breach will always be a stressful event. Awareness of your obligations and a plan in place can ease some of the stress \u2013 and help you avoid heavy fines. Here are some tips:<\/p>\n