Do You Think 72 Hours to Report a Breach is Tough? How About One Hour?
Under new regulations, contractors for the Department of Veterans Affairs will have EXACTLY ONE HOUR to report security and privacy breaches. This may be the wave of the future. On top of that, contractors will be required to pay liquidated damages according to an internal standard developed by the VA. The rule was set to be published in the Federal Register last Wednesday (two days ago). This actually is in line with requirements published more than 5 years ago to federal agencies. If you contract with the VA, make sure the details of how this needs to work are in writing in your contract. Also, make sure other agencies don’t just slip this in with a DFARS or FAR that you might miss.
Credit: Data Breach Today