Answer: B - Information shared with a customer about who committed a data breach, the method of the breach, and when the breach took place is known as conditions for notification.
In many cases, HHS requires that breach notifications be made without unreasonable delay (no later than 60 days following the discovery of the breach). Conditions for the required notification include the following (to the extent of possibility): (1) Brief description of the breach; (2) a description of the types of information breached; (3) Steps an affected party should take to protect from harm; (3) Description of what the organization whose controlled data has been a breach is doing to investigate, mitigate any potential harm and prevent future breach incidents; and (4) Contact information for the organization whose controlled data was breached. These are the conditions of notification.
