Yes, let’s release a breach notification at 5 pm on the Friday of a big holiday weekend….
In this case, it’s The Neurology Foundation in Rhode Island, reporting on an incident involving employee wrongdoing. You can read the full press release here. Note that although the problem was discovered months ago, notification of the breach was delayed “as a result of law enforcement’s investigation.” But does that mean that law enforcement actually asked them to delay notification, or did they just decide to delay notification themselves due to the investigation?