Most states with data breach notification laws indicate that notice to affected individuals must be sent in the “most expeditious time possible without unreasonable delay.” By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?
Florida is one of the states that imposes a definite limit for notification to affected individuals. It has a stipulated time frame of 30 days within which the notice must be sent. This contrasts with the general requirement of notifying individuals in the 'most expeditious time possible without unreasonable delay' that is followed by most other states.
State specifics • Laws recognize the need for the affected entity to conduct a “reasonable investigation in order to determine the scope of the breach and to restore the reasonable integrity of the data system” • Laws specify an expeditious time limit of 45 days (FL, NM, OH, RI, TN, VT, WA, WI)
answer is D
Florida as erwingr says.
All states with data breach notification laws use similar language to describe the required timing of notifications to affected parties. The most common phrase used in conjunction with timing is “the most expedient time possible and without unreasonable delay.” Numerous states specify a limit to the time allowed when this common phrase is utilized, with 45 days after the discovery of the breach being the most common timeframe permitted by these states. For companies operating nationally, it is important to note that the industry best practice is to report within 30 days after the discovery of the breach, meaning that a delay of 45 days could be considered unreasonable (without a valid explanation) in certain states. For example - Colorado and Florida provide for a 30-day time frame. New Mexico, Ohio, Oregon, Rhode Island, Tennessee, Vermont, Washington and Wisconsin mandate a 45-day time frame. Louisiana stipulates a 60-day requirement. “States that Require Notification within a Specific Time Frame,”