Which of the following statements is most accurate in regard to data breach notifications under federal and state laws:
A.
You must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.
B.
When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.
C.
When you are required to provide an individual with notice of a data breach under any state’s law, you must provide the individual with an offer for free credit monitoring.
D.
The only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.
The most accurate statement in regard to data breach notifications under federal and state laws is B. When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised. This is a common requirement across many state laws and reflects the need for transparency about what data may have been affected by a breach.
The other options have inaccuracies:
A: While there are reporting requirements to the FTC for certain breaches, it's not always applicable or required to notify the FTC for every breach involving over 500 individuals.
C: Offering free credit monitoring is not universally required; it depends on specific state laws.
D: While most obligations come from state laws, there are federal regulations (e.g., for specific sectors) that can also impose notification requirements.
There are federal laws, such as the Federal Trade Commission Act, that require businesses to notify affected individuals in case of a data breach. Then the correct answer is B because it is the only one with a TRUE statement.
State Breach Notification Laws
In the absence of a federal law, states have taken the lead in setting requirements related to data breaches. California enacted the first state-level breach notification law in 2003. As of 2018, all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have enacted state breach notification laws
Lack of Federal Data Breach Law
With massive, high-profile data breaches making the front pages, calls for a uniform federal data breach law have continued.
Former President Obama had proposed the Personal Data Notification Act, which he said would correct the “patchwork problem” of laws that are said to be confusing for consumers and for companies.
The proposal was criticized by state attorneys general and privacy advocates because it would pre-empt stricter state laws.
B is wrong. States each have their own specific requirements on what to include, with many states having no requirements at all as to what include in the notification.
The answer is D. There are no federal breach notification laws.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Priv24
Highly Voted 7 months, 3 weeks agofightingpotato
Most Recent 1 month, 1 week agoKCCM
3 months agoBhimesh
7 months, 2 weeks agosmp175
1 year, 4 months ago[Removed]
1 year, 6 months ago