E.x. if the data breached was not critical to legal retention requirements, the penalty is more severe. (Ofc this assumes good definition of what is critical for legal retention).
At the very least it would encourage companies to keep such data less or for shorter times to minimize damage.
E.x. if the data breached was not critical to legal retention requirements, the penalty is more severe. (Ofc this assumes good definition of what is critical for legal retention).
At the very least it would encourage companies to keep such data less or for shorter times to minimize damage.