Skip to content

When should the data breach clock start?

One of the most difficult issues in enterprise cybersecurity — something the US Securities and Exchange Commission is now openly struggling with — is when should an enterprise report a data breach?

The easy part is, “how long after the enterprise knows of the breach should it disclose?” Different compliance regimes come to different numbers, but they are relatively close, from GDPR’s 72 hours to the SEC’s initial four days.

To read this article in full, please click here

Source:: Computerworld