No. The Government is not looking out for you. Yes, most states and, now, the Federal Government have reporting requirements for those surpassing a threshold of affected parties. Unfortunately, the reporting requirements allow enough lag time between breach and breach notification. That lag gives hackers ample opportunity to exploit their victims’ data before those victims know about the breach.
Security is Your Responsibility
Consider this year’s data breach at Michigan’s McLaren Health Care.
Unauthorized access to McLaren systems began on July 28 and lasted through August, but the individual impact varies from person to person.
According to a notice on the McLaren website, the company learned of the breach on August 31. An investigation into the impacted files concluded on October 10, and if you’ll take a look at today’s date, it took an additional month for the company to let the public know about the incident.
Yahoo Finance
Nearly 4 months elapsed from the time of the breach until the notification date. Many organizations take even longer to notify the public of a cybersecurity incident.
What does this mean to me?
Security is your responsibility. The government won’t save you. Regulations won’t protect you. Breached businesses won’t help you.
Get advanced notice of problems regarding your data through dark web and identity monitoring services. Such services give you a chance to discover early if someone has gained access to your confidential data and has exploited it. Take responsibility for your data because, literally, no one else will.