Privacy expert Rebecca Herold: Most organizations still do not have a documented privacy breach response plan. Without a documented plan it will take them much longer to determine the true status of the breach, she says. She says organizations make insensitive statements that downplay the risk results and in such a way that it makes customers and consumers angry. The 40-state-level laws in the U.S. have specific notification requirements, including how quickly notifications must be made, and how quickly they can be made.”]
Source: https://www.cuinfosecurity.com/data-breach-response-tips-to-protect-your-institution-a-670