Hacker News new | past | comments | ask | show | jobs | submit login

Under California law, data breach notifications "shall be made in the most expedient time possible and without unreasonable delay".

Civil Code § 1798.82(a): http://leginfo.legislature.ca.gov/faces/codes_displaySection...

I find it hard to square that requirement with Uber waiting 5 months from when it found out.




That is a bunch of lawyer words that they can stretch to mean anything. What we need are hard deadlines, say two days after the breakin. Not enough to full find out what happens, but enough to force the companies to act.


It's soft language, but I don't think they can stretch it to mean "anything." 5 months is just way too long.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: