John Evangelakos, Nicole Friedlander and Corey Omer co-authored an article titled “Challenges of a National 72-Hour Data Breach Notification Standard,” published by the New York Law Journal on June 1. In response to Congressional questioning of Facebook CEO Mark Zuckerberg regarding activity by Cambridge Analytica, and a bill pending in Congress that would require companies that have experienced a data breach to notify affected users within 72 hours, the authors discussed the benefits and significant challenges that a 72-hour notification standard would pose. As they discussed, while a national standard with preemptive effect may be welcome given the current patchwork of relevant and sometimes competing state laws, requiring companies to provide notification within 72 hours would prove very challenging. Even where achievable, the authors noted that such a standard may lead to confusion for consumers, and legal and reputational risks for the company, given how little relevant information is often available to the company so soon after learning of a data security incident.