Current Trends in Data Breach Notification Laws

Data breaches are becoming both more frequent and costly. If you have been the victim of a cybersecurity incident that has compromised your personal information, a data breach lawyer at Federman & Sherwood can help.

States have been tightening their laws to require companies to notify consumers of data breaches in a shorter amount of time. Further, companies are also directed to make more fulsome reports when they notify consumers of a data breach. Companies may face drastic consequences for not only failing to protect your information, but also for delaying their reports of a data breach.

Speak to an experienced national data breach attorney at Federman & Sherwood to learn whether you have a potential legal case. You may be able to lead or join a class action lawsuit, seeking damages for the harm that you have suffered.

Data Breach Notification is Governed at the State Level

There is no one overarching federal data privacy law that imposes uniform obligations on those who have custody of consumers’ personal data. Instead, companies must follow common law and individual state statutes. A growing number of states have passed their own data privacy laws that cover when companies need to notify victims of breaches. It is essential that companies adhere to this law, so consumers are able to take steps to protect themselves from the consequences of data breaches.

Texas is one of the states which has recently passed a data breach notification law. Texas law is more favorable to companies than statutes in other states. Under Texas law, a company has to notify affected consumers of a data breach “without unreasonable delay.” The outer limit on the amount of time that a Texas company has to notify customers of a breach is thirty days. Oklahoma law is similar to that in Texas in that the company must notify customers “without unreasonable delay,” but there is no outer limit on the amount of time that the company has to report a breach.

States Have Been Shortening Data Breach Notification Time Periods

States have been tightening their deadlines to notify consumers of data breaches period for example, both Florida and Texas have recently shortened the outer limit for notification to thirty days. Other states, including California, are in the process of taking steps to adopt a similar timeline. Even this time period may leave consumers at risk because they may not be able to take measures to protect themselves. One can expect further tightening of these laws in the future, especially as countries abroad have generally aligned around a 72-hour limit for data breach notification.

While there is no one unified Federal data breach law, there is a federal statute that does dictate when certain companies need to notify consumers of a breach. The Securities and Exchange Commission recently issued a new rule that requires public companies to notify consumers of a material cybersecurity event within four business days after they have learned of it. The remedy for violating an SEC rule is not necessarily a consumer lawsuit. Companies would face enforcement actions where they would need to pay government fines if they fail to notify consumers in time. Nonetheless, it is in a company’s best interest to provide notification to Consumers sooner rather than later because it could minimize some of the damages that they would pay in a settlement.

Companies Are Being Required to Give More Information

In addition to shorter time frames for notification, Regulators are now requiring companies to disclose more information about what actually happened during the data breach. Not wanting to subject themselves to liability, and in the interest of protecting the reputation, companies had made a practice of giving disclosure that was somewhat vague. This information may not have been enough to give a robust enough warning where consumers could take some type of protective action. Now, regulators are often requiring companies to inform consumers of the following:

• Type of data compromised
• How the breach occurred
• Mitigation steps taken

In the end, consumers want both accountability and the knowledge of exactly which data of theirs has been compromised. Companies will have no choice but to reveal this information, and in an increasingly more expedited time frame. If the company fails to comply with data breach notification laws, not only could they be subject to penalties from regulators, but it may also increase damages that they owe in a data breach lawsuit.

Contact a National Data Breach Law Firm Today

If your personal information has been compromised while in the possession of another, get legal help from the national data breach attorneys at Federman & Sherwood.  Our offices are in Texas and Oklahoma, and we serve clients in all 50 states. You can schedule a free case review with a data breach lawyer by filling out an online contact form or by calling us today at (800) 237-1277.