If you trust a company with your personal data and it loses your information to cyber criminals, should the company tell you? That's a question with an obvious answer. What if the company entrusts it to a third-party and they lose it? Here there's no clear legal answer. Generally, it is agreed that it's the original company's responsibility. But, there's no federal law, so security professionals have to rely on a patchwork of state laws that leave it unclear exactly who is responsible for notifying consumers of data breaches - an enormous headache.
展开▼
