Publisher: International Association for Computer Information Systems
Abstract: After a data breach occurs, organizations typically implement an incident response plan, which includes some form of discovery, notification, and remediation. While IT professionals play a central role in these activities, they are joined in their efforts by others internal to the organization as well as external specialists. For example, the internal data breach response team often includes members from the legal department who provide counsel, participate in contacting law enforcement where necessary, and coordinate other law-related activities. In addition, law firms that specialize in data breaches may provide additional expertise to guide the organization through notification and possible remedial measures such as call centers and identity theft protection for affected parties. This paper, aimed at IS/IT academics and professionals, describes data breach characteristics, costs, and response steps, while primarily focusing on the variations in state data breach notification laws and, to a lesser extent, the proposed federal Personal Data Notification and Protection Act of 2015. Examples from state statutes illustrate the range of legal obligations IT professionals face with respect to events that trigger a notification requirement, who must provide notification, the time frame for and methods of notification, compliance and enforcement.