|
|
|
|
|
|
by Kalium
2803 days ago
|
|
|
You're right! There are laws in some places requiring notification in the event of a breach. California has one of these, and some provisions of GDPR are similar. With that said, I don't think any of these require notification in the event of the abstract possibility, unsupported by any evidence, of a data breach. This is because there is a substantial difference between data that was emitted (factually sent somewhere) and exposed (could have been sent somewhere), and laws tend to trigger on the former. If you're aware of relevant laws I have missed, I would love to know! |
|
|