With Colin Pausey
Entities affected by the mandatory data breach notification scheme should assess any internal risk policies and coverage.