It took Target a week to tell customers about a massive data breach that compromised the privacy of millions of shoppers during the holiday season. Neiman Marcus waited 10 days to tell customers after confirming last month that it had been the victim of a similar attack.
The delays have angered consumer advocates, but they are not unusual. When companies must notify consumers of breaches, how they notify them, and how much they disclose is governed by a dizzying mosaic of state laws.
With law enforcement warning retailers that more attacks are likely soon, there is a push in Congress to develop a federal standard for how companies should handle breaches. Full story for BostonGlobe.com subscribers.