Compare with different regulatory event:
On 24 September 2009, the Federal Trade Commission (FTC) Health Breach Notification Rule entered into force. The Rule outlines notification requirements for vendors of personal health records, such as platforms allowing consumers to access health data and third-party applications for personal health records. In particular, the Rule requires entities to notify the consumers and the FTC of data breaches without unreasonable delay and no later than 60 days after the discovery of unauthorised data access and within 10 days if more than 500 consumers will be affected. The FTC will enforce the Rule starting on 22 February 2010 to enable entities to implement the new security procedures.
Original source