Yesterday, I noted that California’s Attorney General was suing Kaiser over a breach that was discovered in 2011 but not disclosed to those affected until months later.
David Navetta of InformationLawGroup has some interesting commentary and analysis of the lawsuit, focusing on the provisions of California law that provide:
The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Read his commentary here.