"As a group health plan sponsor, an employer's responsive obligations arising in the context of certain cybercrime events depends largely upon the underlying funding status of the employer's core employee benefit plans ... Additional privacy and security related obligations for the employer may be detailed in various state-level statutory mandates or even within certain international laws or other global-scope regulations.... Several notifications may be required as a consequence of a data breach.... Communication with employees is important[.]"  MORE >>