Whether a mistake, disgruntled employee, or hacker, security and privacy experts agree that it’s not a matter of if you and your business experience a data breach or data “incident” that require notifying, affected users, it’s a matter of when.
What should you say? How should you say it? The balance between taking responsibility and expressing empathy, while reassuring customers and not exposing your company to additional liability can be confusing, especially when facing notification deadlines in various U.S. states.
We’ve taken the guesswork out of what a formal notification to users with breached data should look like. You should of course, look up requirements for the state in which the user is a resident or headquartered and type of data hacked or accidentally disclosed
Additional, Industry Specific U.S. Privacy Laws