David Migoya reports:
Colorado House Republican leaders on Monday called for an investigation into why Colorado’s higher education agency allegedly failed to timely report a massive data breach this summer.
In a two-page letter hand-delivered to Gov. Jared Polis and Attorney General Phil Weiser, five state representatives also urged an inquiry into why thousands potentially affected by the breach still have not yet been told individually, as the law mandates.
[…]
State law requires the breach to be reported no later than 30 days after it’s discovered.
Weiser’s office on Monday said the 30-day requirement begins to toll after an agency determines personally identifiable information was compromised, not just that a security breach occurred. The higher education department said that happened on July 6, even though it discovered the breach occurred nearly three weeks earlier.
Read more at GovTech.
h/t, Brett Callow