Security Breach Response

In an interim final rule published on October 2, another layer has been added to the compliance landscape for defense contractors. In addition to complying with breach notification requirements in as many as 47 different states in the event of a breach involving personally identifiable information, Department of Defense contractors now have to comply with the rapid notification rules issues by DOD in the even of a cyber incident involving covered defense information. These rules are noteworthy in that they require DOD contractors to report cyber incidents within 72 hours of discovering the incident. Most state breach notification statutes do not require that individuals be notified of a breach within a specific number of days and the few state statutes that do have such a requirement contain a much more lenient timeframe of 45 to 90 days.
Continue Reading Defense Contractors – Under the DOD’s Interim Rule, It Is Time Once Again To Update Your Data Breach Response Plans