Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 1

Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 2

UNPACKING THE PROLONGED DATA BREACH NOTIFICATION TIMEFRAME 4

DATA BREACH NOTIFICATION PERIODS: GDPR, PIPEDA, AND CCPA 6

GENERAL DATA PROTECTION REGULATION (GDPR) 6

PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) 6

CALIFORNIA CONSUMER PRIVACY ACT (CCPA) 7

REASONS FOR DELAYED NOTIFICATION (FROM THE VICTIM'S PERSPECTIVE) 7

THE KEY CONSEQUENCES OF A DELAYED DATA BREACH NOTIFICATION 8

EMPOWERING FASTER RESPONSES TO DATA BREACH NOTIFICATIONS. UNDERSTANDING YOUR

RIGHTS 10

LEARNING FROM PAST MISTAKES: THE CONSEQUENCES OF DELAYED DATA BREACH NOTIFICATION

12

CASE STUDIES ON THE CONSEQUENCES OF DELAYED DATA BREACH NOTIFICATION 12

CONSEQUENCES AND EFFECTS FROM 2022 TO 2024 WHERE DELAYED BREACH NOTIFICATIONS HAD AN IMPACT ON

AFFECTED INDIVIDUALS 13

ADVOCACY EFFORTS FOR TIGHTER DATA BREACH NOTIFICATION REGULATIONS 15

PUBLIC ADVOCACY FOR TIGHTER DATA BREACH NOTIFICATION REGULATIONS 15

KEY ARGUMENTS IN ADVOCACY EFFORTS 17

PROPOSING STEPS TO TACKLE DATA BREACH NOTIFICATIONS TO AFFECTED INDIVIDUALS 18

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 3

SOURCES 19
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 4

Unpacking the Prolonged Data

Breach Notification Timeframe
Timely notification of data breaches is crucial for protecting the rights and privacy of

affected individuals. While data breach regulations aim to ensure prompt notification, the

complexities involved in investigating, assessing, and communicating the details of a breach

can sometimes lead to delays. Organizations must balance the need for swift response with

the requirement to provide accurate and comprehensive information. By adopting best

practices, such as robust incident response plans and clear communication strategies,

organizations can strive to notify affected individuals and authorities as quickly as possible,

while maintaining transparency and building trust.

Data breaches are a major concern in today's digital age, as they can result in the

compromise of personal information and lead to identity theft or other forms of fraud. One

common type of data breach is a phishing attack, where hackers use deceptive emails or

messages to trick individuals into revealing sensitive information such as passwords or credit

card numbers. These attacks can be difficult to detect, as they often appear to come from a

legitimate source.

Another common type of data breach is a malware attack, where hackers use malicious

software to gain access to a person's computer or network. Once installed, malware can steal

personal information, track online activity, or even take control of the device. These attacks
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 5

can occur through infected email attachments, compromised websites, or even through

removable storage devices.

Data breaches can also occur through physical theft or loss of devices such as laptops or

smartphones. If a device containing sensitive information is lost or stolen, the data stored on

it could be easily accessed by unauthorized individuals. This type of breach highlights the

importance of securing devices with strong passwords, encryption, and remote wipe

capabilities to protect personal information in the event of theft or loss. Overall, being aware

of common types of data breaches and taking proactive measures to protect personal

information is essential in today's digital landscape.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 6

Data Breach Notification Periods: GDPR, PIPEDA, and CCPA

Data breaches can have serious consequences for individuals, exposing their personal
information and potentially leading to identity theft, financial fraud, and other forms of harm.
Timely notification of data breaches is critical, as it allows affected individuals to take
appropriate action to protect themselves and mitigate the risks. Data breach regulations, such
as the General Data Protection Regulation (GDPR), the Personal Information Protection and
Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA), have
been enacted to ensure that organizations promptly notify individuals and authorities when
a breach occurs.

General Data Protection Regulation (GDPR)

Notification Period: Under Article 33 of the GDPR, data controllers must notify the
relevant supervisory authority within 72 hours of becoming aware of a data breach.
Additionally, Article 34 requires controllers to inform affected individuals without undue delay
if the breach poses a high risk to their rights and freedoms.

Challenges in Notification: Investigating the scope of the breach, understanding the

specific data impacted, and determining the level of risk to individuals can sometimes delay
the notification process, as organizations strive to provide accurate and comprehensive
information.

Personal Information Protection and Electronic Documents Act

(PIPEDA)
Notification Period: PIPEDA requires organizations to notify the Office of the Privacy
Commissioner of Canada and affected individuals "as soon as feasible" if the breach poses a
real risk of significant harm.

Factors Influencing Delay: Identifying all affected parties, establishing effective

communication channels, and thoroughly assessing the severity of the breach can contribute
to the time it takes to provide the necessary notifications.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 7

California Consumer Privacy Act (CCPA)

Notification Period: The CCPA does not specify an exact timeframe for notifying affected
individuals, but organizations must provide clear and concise notice in the event of a breach
and ensure that reasonable security practices are in place.

Reasons for Delay: Determining whether a breach falls under the CCPA's requirements,
evaluating the type of information that was breached, and ensuring compliance with legal
standards can lead to delays in the notification process.

Reasons for Delayed Notification (from the Victim's Perspective)

1. Technical Investigations: Understanding the nature and scope of a data breach can
be a complex process, often requiring in-depth forensic analysis and technical
expertise.
2. Regulatory Compliance: Organizations must ensure that their notifications meet
the specific requirements of the relevant data breach regulations, which may
involve legal consultations and internal approval processes.
3. Communication Challenges: Developing clear and effective communication for a
broad audience takes time, and organizations must balance the need for accuracy
with the urgency of the situation.
4. Coordination with Authorities: In some cases, law enforcement or regulatory
bodies may request that organizations delay public notifications to avoid
compromising ongoing investigations.
5. Data Verification: Before issuing notifications, organizations need to verify whose
data was compromised and to what extent, avoiding unnecessary panic or
misinformation.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 8

The Key Consequences Of A Delayed Data Breach Notification

Delayed data breach notification can have serious financial, legal, reputational, and

operational consequences for both the affected organization and the individuals whose data

was compromised. Timely and transparent communication is an essential factor to mitigate

these risks:

1. Increased financial damages for victims: Data breaches that result in identity theft can

cause over $1,000 in financial damages per

victim on average, and the longer the

notification is delayed, the more time

criminals have to exploit the stolen data.

2. Larger fines and penalties for the

organization: Regulatory bodies like the

GDPR and NYDFS impose strict deadlines

for breach notification, often 72 hours. Failing to meet these deadlines can result in

significant fines, sometimes up to 4% of global annual revenue.

3. Loss of customer trust and reputational damage: Slow responses to data breaches

can erode customer trust in the affected organization. Timely and transparent

communication is important for maintaining the company's reputation.

4. Disruption to business operations: Dealing with the aftermath of a data breach takes

time and resources away from normal business activities, especially if the organization

is slow to contain and respond to the incident.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 9

5. Delayed mitigation of risks for affected individuals: Prompt notification allows

individuals to take steps to protect themselves, such as monitoring for identity theft.

Delayed notification leaves them vulnerable for a longer period.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 10

Empowering Faster Responses to Data Breach Notifications.

Understanding Your Rights
By taking these steps, you can help create a culture where companies prioritize fast and

clear breach notifications. Remember, making a change in how companies respond to

breaches takes time and effort, but every voice counts in making a difference:

1. Know Your Rights. It's important to learn about the laws that protect your personal

information, like GDPR or CCPA. Knowing your rights can help you understand when you

should be notified about a data breach and how

to make sure those rights are respected.

2. Advocate for Stronger Regulations. You

can speak up for stricter rules about data breach

notifications. Supporting policies that demand

quick and clear communication from companies

can make a difference.

3. Participate in Class Action Lawsuits. If a lot of people are affected by a data breach,

joining a lawsuit can pressure companies to improve how they handle breaches and notify

people on time.

4. Contact Data Protection Authorities (DPA). If you think a company is taking too long to

notify you about a breach, you can report it to the right authorities. This can lead to

investigations and penalties for companies that don't follow the rules.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 11

5. Join Consumer Protection Groups. Being part of groups that fight for privacy rights can

help push companies to act quickly when there's a breach. They can also help raise awareness

about the importance of timely notifications.

6. Stay Informed. Keep up with news about data breaches from reliable sources. If you

think your data might be at risk but haven't heard anything, don't hesitate to ask the company

if there's been a breach.

7. Secure Your Data. Even though you can't control when you'll be notified about a breach,

you can take steps to protect your personal information. Using strong passwords and extra

security measures can help lessen the impact of delayed notifications.

8. Raise Public Awareness. Spread the word on social media about the importance of

timely data breach notifications. Public pressure can encourage companies to prioritize quick

and transparent communication.

9. Contact Customer Service. If you're concerned about a company's breach notification

policies, reach out to their customer service or data protection officers. Let them know how

important it is to be notified promptly.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 12

Learning from Past Mistakes: The Consequences of Delayed

Data Breach Notification
These case studies show the serious consequences of delayed data breach notification,

highlighting the risks for individuals and organizations. Individuals face increased risks of

identity theft and fraud, while organizations may suffer legal, financial, and reputational

damage. The importance of transparency and compliance with data protection laws cannot

be overstated.

Case Studies on the Consequences of Delayed Data Breach Notification

In 2017, Equifax experienced Consequences of Delayed
Equifax Data a data breach that exposed Notification: The delay gave
Breach (2017) sensitive personal cybercriminals more time to
information, like Social misuse the stolen data,
Security numbers, of around leading to identity theft,
147 million people. Despite credit fraud, and
discovering the breach in unauthorized use of
July, Equifax waited until personal information.
September to inform the Equifax faced backlash from
public. the public and regulators,
resulting in Congressional
investigations and a hefty
settlement.
Yahoo Data Yahoo suffered two major Consequences of Delayed
data breaches in 2013 and Notification: The delay left
Breaches (2013- 2014, affecting billions of users unaware of the
2014) user accounts. However, security risks, giving
Yahoo did not disclose these cybercriminals more time to
breaches until 2016, causing exploit the stolen data. This
a significant delay. delay had broader
consequences, impacting
Yahoo's acquisition by
Verizon and resulting in
substantial fines and legal
settlements.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 13

Marriott In 2018, Marriott revealed a Consequences of Delayed

data breach that Notification: The prolonged
International Data compromised the personal breach exposed sensitive
Breach (2018) information of up to 500 data, like passport numbers
million guests in its and credit card information,
Starwood guest reservation to significant risk. The delay
database. The breach had in notification led to public
been ongoing for years criticism, regulatory
before discovery. scrutiny, and hefty fines and
legal challenges for
Marriott.
Uber Data Breach Uber faced a data breach in Consequences of Delayed
2016 that exposed personal Notification: Uber's lack of
(2016) information of 57 million transparency eroded public
customers and drivers. trust and increased the risk
Instead of disclosing the of identity theft and fraud.
breach promptly, Uber paid The company faced
hackers to delete the stolen regulatory scrutiny,
data without informing the resulting in hefty fines and a
affected parties or settlement with the U.S.
authorities. Federal Trade Commission
(FTC).

Consequences and Effects From 2022 To 2024 Where Delayed Breach

Notifications Had An Impact On Affected Individuals
These case studies highlight the critical importance of timely breach detection and

notification to minimize the damage to individuals affected by data breaches:

1. Increased Breach Notification Costs: In 2023, the average time to identify a data breach

was 204 days, and it took an additional 73 days to contain it. The costs associated with breach

notifications rose to $370k, a 19.4% increase over 2022. This delay in detection and notification

likely exacerbated the damage to affected individuals, as cyberattacks using stolen or

compromised credentials increased by 71% year-over-year.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 14

2. Compliance Failures and Breaches: Nearly half (43%) of businesses did not pass a

compliance audit in the past year, and among those failing audits, 31% suffered a breach in the

same period. This suggests that delayed compliance could lead to delayed breach

notifications, increasing the risk of damage to individuals.

3. Delayed Notifications and Legal Challenges: A specific attack that occurred at the

beginning of November 2023 was only made public in February 2024 after notifications began

to be sent to customers. This delay may have violated state laws regarding the timeframe in

which impacted customers must be notified, pointing to potential legal repercussions and

increased risk of harm to the individuals involved.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 15

Advocacy Efforts for Tighter Data Breach Notification

Regulations
There are various public discussions and advocacy efforts aimed at promoting tighter

regulations that enforce stricter notification periods when a data breach occurs. These efforts

focus on demanding transparency and a more rapid response from data controllers. Here's a

summary of these advocacy efforts:

Public Advocacy for Tighter Data Breach Notification Regulations

1. Privacy Advocacy Organizations

- Organizations like the Electronic Frontier Foundation (EFF), the Electronic Privacy

Information Center (EPIC), and the American Civil Liberties Union (ACLU) play significant roles

in advocating for stronger data protection laws, including stricter breach notification

requirements. They engage in public education, litigation, and policy advocacy to promote

transparency and consumer rights.

2. Consumer Protection Agencies

- Agencies like the Federal Trade Commission (FTC) in the United States advocate for

consumer rights and push for stricter enforcement of data breach laws. The FTC can impose

penalties on companies that fail to notify consumers promptly or engage in unfair business

practices related to data breaches.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 16

3. Public Comment and Lobbying

- Regulatory bodies such as the European Data Protection Board (EDPB) and the U.S.

Department of Commerce often open their rulemaking processes to public comment.

Advocacy groups and individuals can submit comments advocating for tighter regulations and

shorter notification periods.

4. Legislative Advocacy

- Advocates and some policymakers push for legislative changes that require stricter

breach notification. In the United States, for example, discussions around a federal data

breach notification law have been ongoing, with some legislators advocating for more

uniform and stringent requirements.

5. Media and Public Awareness Campaigns

- Journalists and media outlets play a key role in raising public awareness about data

breaches and their consequences. High-profile reports on breaches like Equifax or Yahoo

often lead to public outcry, which can drive advocacy for tighter regulations.

6. Collaboration with Regulators

- Nonprofits and advocacy groups often collaborate with regulators to develop best

practices for breach response and notification. This collaborative approach helps ensure that

regulations are effective and informed by real-world needs.

 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 17

Key Arguments in Advocacy Efforts

1. Consumer Protection: Advocates argue that stricter notification periods protect

consumers from identity theft, fraud, and other harms associated with data breaches.

2. Transparency and Trust: Tightening notification requirements promotes greater

transparency, fostering public trust in organizations’ data handling practices.

3. Deterrence: Stricter regulations can deter organizations from lax data protection

practices, leading to a more proactive approach to data security.

4. Global Consistency: As data breaches can have global implications, consistent

notification periods across jurisdictions can reduce confusion and enhance global data

protection efforts.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 18

Proposing Steps To Tackle Data

Breach Notifications to Affected
Individuals
To prevent individuals from experiencing the negative consequences of delayed

notifications regarding data breaches, it is recommended to propose the following steps to

the data protection authorities for an amendment or actual regulations:

1. Implement a private right of action for affected individuals.

2. Temporarily suspend operations within the country for a period ranging from 3

months to 1 year.

3. Force the parties involved to enter into a settlement agreement.

4. Publicly disclose the breach through various media channels.

5. Increase the fines imposed on non-compliant entities.

By taking these proactive measures, we can better protect individuals' privacy and hold

accountable those who fail to uphold data protection regulations.

Andres Saravia
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 19

Sources
(1) Breach Notification Rule | HHS.gov. https://www.hhs.gov/hipaa/for-
professionals/breach-notification/index.html.

(2) Data breach notification laws - Wikipedia.

https://en.wikipedia.org/wiki/Security_breach_notification_laws.

(3) New SEC Rules Require Breach Disclosure within Four Days.
https://www.esecurityplanet.com/trends/sec-breach-disclosure-rules/.

(4) Breach Notification Rule | Guidance Portal - HHS.gov.

https://www.hhs.gov/guidance/document/breach-notification-rule.

(5) What are the HIPAA Breach Notification Requirements?.

https://bing.com/search?q=main+regulations+breach+notifications. (1) HIPAA Violation Fines
- Updated for 2024 - HIPAA Journal. https://www.hipaajournal.com/hipaa-violation-fines/.

(6) Breach Notification Laws and Personal Information.

https://blog.techprognosis.com/breach-notification-laws-and-personal-information-
definitions-history-and-penalties/.

(7) (3) Data Breach Notification Laws by State | IT Governance USA.

https://www.itgovernanceusa.com/data-breach-notification-laws.

(8) (4) Breach Notification Rule | HHS.gov. https://www.hhs.gov/hipaa/for-

professionals/breach-notification/index.html.

(9) Breach Notification Laws and Personal Information.

https://bing.com/search?q=penalties+for+non-
compliance+with+breach+notification+regulations.

(10) The HIPAA Breach Notification Rule - HIPAA Journal.

https://www.hipaajournal.com/hipaa-breach-notification-rule/.

(11) HIPAA Violation Fines - Updated for 2024 - HIPAA Journal.

https://www.hipaajournal.com/hipaa-violation-fines/.

(12) Breach Notification Laws and Personal Information.

https://blog.techprognosis.com/breach-notification-laws-and-personal-information-
definitions-history-and-penalties/.

(13) Data Breach Notification Laws by State | IT Governance USA.

https://www.itgovernanceusa.com/data-breach-notification-laws.

(14) Breach Notification Rule | HHS.gov. https://www.hhs.gov/hipaa/for-

professionals/breach-notification/index.html.
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 20

(15) Breach Notification Laws and Personal Information.

https://bing.com/search?q=penalties+for+non-
compliance+with+breach+notification+regulations.

(16) The HIPAA Breach Notification Rule - HIPAA Journal.

https://www.hipaajournal.com/hipaa-breach-notification-rule/.

(17) 15 Cybersecurity Tools for Small and Medium Businesses (SMBs) | Fortinet
https://www.fortinet.com/resources/cyberglossary/smb-cybersecurity-tools

(18) Gartner https://www.gartner.com/reviews/market/data-loss-prevention

(19) 4 Necessary Tools to Prevent Security Breaches - Cybriant

https://cybriant.com/prevent-security-breaches/

(20) Best Data Loss Prevention Tools | Teramind Blog https://www.teramind.co/blog/best-

data-loss-prevention-tools/

(21) Top 7 Data Loss Prevention Tools for 2023

https://www.techtarget.com/searchsecurity/tip/Top-7-data-loss-prevention-tools

(22) 9 Best Data Leak Detection Software Solutions in 2024 | UpGuard

https://www.upguard.com/blog/best-data-leak-detection-software-solutions

(23) The Best Data Loss Prevention (DLP) Software Tools of 2023
https://www.frameworkit.com/managed-services/the-best-data-loss-prevention-dlp-tools/

(24) 10 Best Data Loss Prevention Tools & Software https://www.comparitech.com/data-

privacy-management/data-loss-prevention-tools-software/

(25) Essential Apps for Ironclad Online Privacy https://www.pcmag.com/picks/essential-

apps-for-protecting-your-privacy-online

(26) Top 9 Data Loss Prevention (DLP) Tools | CybeReady https://cybeready.com/de/top-9-

data-loss-prevention-dlp-tools

(27) Top 10 Data Loss Prevention Software | Expert Insights

https://expertinsights.com/insights/top-10-data-loss-prevention-software/

(28) The Top 10 Data Loss Prevention Software Products of 2024

https://www.cyberhaven.com/guides/top-data-loss-prevention-dlp-software-products-
vendors-solutions

(29) Cybersecurity for Small Businesses https://www.fcc.gov/communications-business-

opportunities/cybersecurity-small-businesses
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 21

(30) Top 12 Data Loss Prevention Tools in 2024 https://www.zluri.com/blog/data-loss-

prevention-tools/

(31) Top 10 Data Loss Prevention Tools in 2024 - Learn | Hevo

https://hevodata.com/learn/data-loss-prevention-tools/

(32) Best Data Loss Prevention (DLP) Software in 2024 - G2

https://www.g2.com/categories/data-loss-prevention-dlp

(33) Top 6 Data Loss Prevention (DLP) Solutions

https://www.esecurityplanet.com/products/data-loss-prevention-dlp-solutions/

(34) Cybersecurity made easy for small business | CrowdStrike

https://www.crowdstrike.com/solutions/small-business/

(35) 11 BEST Data Loss Prevention Software DLP Solutions In 2024

https://www.softwaretestinghelp.com/data-loss-prevention-software/

(36) Leading Data Breach Prevention | ThreatAdvice

https://www.threatadvice.com/breach-prevention-platform

(37) 101 of the Latest Data Breach Statistics for 2024. https://secureframe.com/blog/data-
breach-statistics.

(38) 2024 Report Analysis on Data Security Trends.

https://cpl.thalesgroup.com/blog/access-management/2024-report-analysis-on-data-security-
trends.

(39) Data Breaches That Have Happened in 2024 So Far - Updated List - Tech.co.
https://tech.co/news/data-breaches-updated-list.

(40) Mass Claims, Data Breaches and Fear of Data Subjects - Unpacking Recent ....
https://www.twobirds.com/en/events/global/2024/mass-claims-data-breaches-and-fear-of-
data-subjects-unpacking-recent-legal-milestones.

(41) FCC Updates Data Breach Notification Rules, Despite Challenges.

https://www.natlawreview.com/article/fcc-updated-data-breach-notification-rules-go-effect-
despite-challenges.

(42) https://secureframe.com/blog/data-breach-statistics ""

(43) https://cpl.thalesgroup.com/blog/access-management/2024-report-analysis-on-data-
security-trends ""

(44) https://www.twobirds.com/en/events/global/2024/mass-claims-data-breaches-and-
fear-of-data-subjects-unpacking-recent-legal-milestones "
 Andres Saravia - Unpacking the Prolonged Data Breach Notification Timeframe 22

(45) https://www.natlawreview.com/article/fcc-updated-data-breach-notification-rules-go-
effect-despite-challenges ""

(46) https://tech.co/news/data-breaches-updated-list ""