At the recent Manufacturers Resource Center cybersecurity event. Timothy C. Charlesworth and Kenneth R. Charette advised local manufacturers about the steps to take following a data breach, including the development of response plans. According to the Breach Level Index, more than 5 millions records a day are lost or stolen, and once a breach is discovered, companies are responsible for stopping the breach, identifying what was stolen or lost, and reporting the breach to the proper authorities.
Rules about reporting vary from state to state, which is why it’s important for companies who have been breached to have a plan in place, which includes having the proper legal counsel to help identify the laws in the states or countries where data was stolen. While Pennsylvania doesn’t have a set time limit for reporting the breach, “other states have 30/60/90 day requirements, so it’s important to know if you have reporting obligations in other states,” Charette told attendees.
“Rules are evolving,” Charlesworth agreed. “If you are doing business with other states and countries and a breach occurs, know you will be required to comply with their regulations.”