Computer Security Awareness Training

Scott Berinato with CSO provides an excellent resource and state by state map for Data Breach Notification Laws.

While most states follow the basic tenets of the California law, some allow for more exemptions or do not allow a private right of action.

Scott lists a few other important details to consider including:
1. Notification guidelines: how soon a company is required to inform customers of a data breach. In California, this is “as soon as possible, without unreasonable delay.”
2. Penalty for failure to disclose: whether or not there are civil or criminal penalties for a failure to disclose. In California, a company cannot be penalized for its lack of promptness alone.
3. Private right of action: whether this option exists for consumers in that state. In California, this is available.
4. Exemptions: what kinds of breaches, if any, companies are exempt from reporting. California allows exemptions for encrypted data that’s lost and publicly available government data. In California there is no such thing as an immaterial breach, while other states do have a definition of immaterial breach.

Subscribe to the CyberSecurity Training and Awareness blog to be the first to learn about future Cybersecurity training news and Security Awareness Training solutions.