Forty-seven states have their own laws about when companies, including law firms, must disclose a breach. These laws typically require companies to disclose data thefts when an entity gets unauthorized access to “personal information,” a term whose definition that varies by state. Personal information usually means names, credit card numbers and Social Security numbers.
Another important question: To what extent are law firms required to keep their clients in the loop about data breaches?
via When Do Law Firms Have to Disclose a Data Breach? – Law Blog – WSJ