Are companies required to report instances of viruses and hacks?

Hello Experts - I work for a small architectural firm in NJ and wanted to inquire about the legal issues with viruses and hacks.  If we were to experience a virus infection that caused minor data loss am I required to report this to any federal or state agency?  If so, where could I find information about the details of what needs to be reported and to whom?  I've never heard of this outside of the financial industry but someone in my organizations executive management "heard" that this is something we are required to do.
danbrown_IT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rindiCommented:
I doubt there is a need for that, if it is, then that would depend on local jurisdiction.

But it can be a good idea to report things before you have cleaned them up, as that could in some cases help the authorities to gain information to catch the crooks. But they'd probably have to look at the PC's that were attacked before they are cleaned, otherwise all the info they can gain is limited to statistics.
0
danbrown_IT ManagerAuthor Commented:
We've experienced two virus issues here in 2014, both were minor and I was able to take care of the related problems in short order.  I can't imagine that any US state or federal regulatory/law enforcement body would take any interest at all in trying to track down the originator, especially since both appear to have come from the .ru domain.  Really all I want to do is confirm that there is no legal requirement for us to report the issues to anyone, CYA.
0
Don ThomsonCommented:
Really - it's your network and you cannot be forced to report it

UNLESS

 - if the virus caused your client or employee  confidential information to be stolen from your network, as a professional corporation - you may have signed non-disclosure documents with clients. In a case when the stolen information would have a serious negative impact on one or more clients or employees, it would be in your best interests to report the theft.   Otherwise I think you are probably okay with keeping it in house.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
danbrown_IT ManagerAuthor Commented:
Ok, makes sense to me.  Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.