Overview
Amundsen Davis assisted in the data incident response plan for a small company, whose hardware was stolen and which hardware allowed access to centralized databases which contained encrypted PII. This work involved investigation into the Personal Information Protection Act of certain Midwestern states to confirm whether notification of the potential breach was required and reporting obligations and best practices, moving forward, for the company.
