Michael J. Waters and Colin H. Black of Polsinelli write:
Tech Transactions & Data Privacy 2022 Report
Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data access or acquisition and, as such, are not always reported. As ransomware attacks increase in frequency and the severity of their impact, both law enforcement and industry regulators are seeking greater visibility into these incidents and, through the publication of new guidance and the amendment of notification laws, are starting to require increased reporting.
Read more The National Law Review.