Which regulatory requirement triggers public disclosure when a company exposes customer health, finance, or education information?

Data breach notification laws drive public disclosure when sensitive information is exposed. When customer health, financial, or education data is exposed, these laws require the organization to notify affected individuals—and often regulators or authorities—in a timely manner. They may also require public disclosure or reporting of the breach details, depending on jurisdiction and the breach scope. This is distinct from other policies or issues: a data retention policy governs how long data is kept and when it’s disposed of; patch management policy covers applying updates and fixes; an access control list misconfiguration is a vulnerability that could lead to exposure but isn’t itself the regulatory trigger for disclosure.