There’s really nothing new in here that regular readers of this blog won’t know already, but Karen Freifeld reports:
A decade of lawmaking by U.S. states to ensure consumers are told when their data has been hacked still lets companies such as Target Corp wait weeks or even months to disclose security breaches.
Forty-six of 50 U.S. states have passed laws requiring disclosure, starting with California in 2002, but the laws vary in terms of when and how notice must be given, and most states allow for delays to investigate the intrusion.
Read more on Reuters.