Compare with different regulatory event:
On 22 February 2010, the Federal Trade Commission (FTC) started enforcing the Health Breach Notification Rule, following its entry into force on 24 September 2009. The Rule outlines notification requirements for vendors of personal health records, such as platforms allowing consumers to access health data and third-party applications for personal health records. In particular, the Rule requires entities to notify the consumers and the FTC of data breaches without unreasonable delay and no later than 60 days after the discovery of unauthorised data access and within 10 days if more than 500 consumers will be affected.
Original source