If your organization handles or works with a certain type of data, you have a legal obligation to protect that data. Generally speaking, this could refer to personal information like names, identifiers (i.e. social security numbers), health data, or financial data. If any such data is compromised, it’s not only your fiduciary responsibility to disclose the breach to those harmed—it’s also your legal obligation.
Article Link: https://www.bitsighttech.com/blog/data-breach-notification-laws