CISSP · Question #840
Are companies legally required to report all data breaches?
The correct answer is A. No, different jurisdictions have different rules.. Companies are not legally required to report all data breaches, as different jurisdictions have different rules and regulations regarding data breach notification. For example, in the European Union, the General Data Protection Regulation (GDPR) requires companies to report data
Question
Are companies legally required to report all data breaches?
Options
- ANo, different jurisdictions have different rules.
- BNo, not if the data is encrypted.
- CNo, companies' codes of ethics don't require it.
- DNo, only if the breach had a material impact.
How the community answered
(46 responses)- A91% (42)
- C7% (3)
- D2% (1)
Explanation
Companies are not legally required to report all data breaches, as different jurisdictions have different rules and regulations regarding data breach notification. For example, in the European Union, the General Data Protection Regulation (GDPR) requires companies to report data breaches that pose a risk to the rights and freedoms of individuals within 72 hours of becoming aware of the breach. In the United States, there is no federal law that mandates data breach notification, but most states have their own laws that vary in terms of the definition, scope, and timing of data breach notification.
Topics
Community Discussion
No community discussion yet for this question.