From Iowa State University and P.F. Chang's to your town's smallest businesses, hackers are indiscriminate when it comes to attacking computers and networks to access and obtain sensitive consumer data.
Against this very alarming and real backdrop, it is important for businesses of all shapes and sizes not only to take steps to proactively protect consumer data, but also to understand the legal requirements and ramifications if they do not act properly following a data security breach.
On April 3, 2014, Iowa Governor Terry Branstad signed into law a new breach notification requirement (amending a prior law), which includes a provision that not only requires businesses to timely notify consumers when certain security breaches occur, but it also requires businesses to notify the Iowa Attorney General's office when more than 500 Iowa residents are impacted by the security breach. Of particular note, failure to comply with Iowa's new breach notification requirement can result in significant monetary and non-monetary penalties being levied against the business.
Consequently, it is important that following a security breach businesses promptly take proper steps, including seeking trusted technical and legal advice to determine the scope of a breach and what, if any, additional action the business must legally take. If you have any questions regarding the issues outlined above you should contact a licensed attorney or certified security advisor.