Dear Mary,
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then, some states have further qualifications to their definition, such as whether that unauthorized access or acquisition “compromises” or “materially compromises” the integrity, security, or confidentiality of the data. No states (apart from New York) define access or acquisition, and no state defines compromise vs. material compromise. How would you suggest analyzing all these varying terms?
– PatchworkContinue Reading Understanding Access vs. Acquisition