My thought as well. Sounds like a management over reaction to me. Notify, absolutely, but within one hour after even suspecting the breach??...

[ more ]  [ reply ]

Requiring a one hour notification time, even for suspected intrusion, means that it's harder for something like that to be swept under the rug and allows for oversight over the organization reporting the breach. It's not a bad thing, and is how most large companies who are under regulatory complian...

[ more ]  [ reply ]