Question 15
UnclassifiedWhich event is most likely to trigger multi-state breach analysis complexity?
Correct answer: B
Explanation
A breach involving residents of multiple states can trigger different notification duties because states often define "personal information" differently and impose separate regulator-notice rules. That creates multi-state breach analysis complexity by requiring the organization to compare each state’s statutory definition, timing, and reporting thresholds before sending notices.
Why each option is right or wrong
A. A single internal memo with no personal data
B. A breach affecting residents of multiple states with different personal-information definitions and regulator-notice rules
Multi-state breach analysis becomes complex when the same incident implicates several state breach-notification statutes, because each state may define “personal information” differently and may require notice to a regulator, consumer, or both. For example, state laws commonly impose distinct deadlines such as 30, 45, or 60 days, and some require notice only if a statutory threshold is met, so a breach affecting residents of multiple states forces separate legal checks rather than one uniform notice decision.
C. A routine database backup
D. A vendor invoice dispute unrelated to data