Forty-seven states have their own laws about when companies, including law firms, must disclose a breach. These laws typically require companies to disclose data thefts when an entity gets unauthorized access to “personal information,” a term whose definition that varies by state. Personal information usually means names, credit card numbers and Social Security numbers.
Another important question: To what extent are law firms required to keep their clients in the loop about data breaches?
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedIn