Is this just for political purposes or do these comments from South Carolina State Senator Vincent Sheheen really reflect his views on the timeliness of notification:
“For Governor Haley and her administration to withhold news from us for sixteen days that our personal identity information has been stolen from state computers is completely unacceptable. And to wait until a Friday afternoon to release this information is nothing more than a slick public relations trick trying to minimize political damage. “
So… has Senator Sheheen introduced legislation requiring notification in less than 16 days? Will notifications have to be made Mon – Thursday? How far is he willing to go to back his criticism?
And when you have over half of your state’s residents’ Social Security numbers hacked, would it have made sense to issue a general alert sooner or would that just have started a panic before the state was ready to say whose SSN were involved?
Readers of this blog tend to be knowledgeable about breaches and notifications. So what sayeth you: if from initial discovery of a breach (but not full understanding of the scope) to notification was 16 days, is that too long?