ANALYSIS: Three-Day Breach Notice to Regulators Is Not So Rare

May 27, 2021, 9:01 AM

Are three days enough time to put together a data breach notification? To some, President Biden’s Executive Order on Improving the Nation’s Cybersecurity may seem a bit drastic. But not when compared to the trend of industry-specific state laws imposing similar time frames on notifications to state insurance regulators.

President Biden’s May 12 order tasks the Secretary of Homeland Security with recommending deadlines for certain federal contractors to report “cyber incidents,” a term that the secretary must also define. While the order grants the secretary discretion to specify deadlines based on severity, contractors will have to notify agencies of the ...

To read the full article log in.

Learn more about a Bloomberg Law subscription.