In all the guidance related to Response Programs for Unauthorized Access to Customer Information and Customer Notice (what a mouthful!), I have not seen anything that states WHEN the program must be in place. I assume it is preferable to have it in place before our next examination, but is there a "drop dead" date that anyone in aware of? Have I missed it?
Thanks!
_________________________
Sorry, did I just use my outside voice?