After this lesson, you will be able to: Understand GDPR, CCPA, HIPAA at a working level and what each requires after a breach.
Once data leaks, the legal regime kicks in. GDPR (EU), CCPA (California), HIPAA (US healthcare) each define what counts as personal/protected data, how fast you must notify, and the financial penalties for failure.
Applies to any company processing EU residents' data. Six lawful bases for processing (consent, contract, legal obligation, vital interest, public task, legitimate interest). 72-hour breach notification to the supervisory authority. Fines up to 4% of global revenue.
US healthcare. Defines PHI (Protected Health Information). Privacy Rule (who can access), Security Rule (technical/physical/administrative safeguards), Breach Notification Rule (notify within 60 days, public posting if 500+ affected).
1. Discover incident → activate IR plan.
2. Determine: did personal/protected data leave?
3. Lawyers calculate which laws apply (often multiple).
4. Notify regulators within statutory window.
5. Notify affected individuals.
6. Public disclosure if scale crosses threshold.
Pick one: 24h, 72h, 7 days, 30 days.
Sign in and purchase access to unlock this lesson.