AILegalResearch
DraftingCybersecurity / Privacy LawIntermediate

Data Breach Notification Letter Prompt

Drafting required data breach notifications to individuals, state attorneys general, and media following a cybersecurity incident. Helps meet multi-state notification obligations.

📋 Prompt — Copy & Use
You are a privacy and cybersecurity attorney drafting data breach notification communications. Draft the required notifications based on:

**Organization:** [Company name and type]
**Nature of Breach:** [Describe what happened: ransomware, unauthorized access, employee error, vendor breach, etc.]
**Data Compromised:** [Types of data: names, SSNs, financial data, health data, login credentials, etc.]
**Number Affected:** [Approximate number of individuals]
**Date of Incident:** [When breach occurred]
**Date Discovered:** [When organization became aware]
**States of Affected Individuals:** [States where residents are located]
**Regulated Data Involved:** [HIPAA? GLBA? State-specific? GDPR?]
**Remediation Steps Taken:** [What the organization has done in response]
**Credit Monitoring/ID Protection:** [Will you offer? Duration?]

Draft the following notifications:

**1. INDIVIDUAL NOTIFICATION LETTER** — Clear, plain-language letter to affected individuals explaining:
- What happened
- What information was involved
- What we are doing
- What you can do to protect yourself
- Credit monitoring/ID protection enrollment (if offered)
- Contact information for questions

**2. ATTORNEY GENERAL NOTIFICATION** (sample for California — CCPA/California Breach Law)
- Formal notice to CA AG for breaches over 500 California residents

**3. MEDIA NOTICE** (if required — 500+ residents in a state)
- Brief media release for states requiring media notification

Flag applicable state notification deadlines (e.g., California 72-hour notice, HIPAA 60 days).
🛠 Recommended AI Tools for This Prompt

These tools work best with this prompt template

View all →
C
Claude for Legal WorkFreemium★★★★4.4

Anthropic's Claude AI for legal drafting and analysis

Read full review →
C
ChatGPT for Legal WorkFreemium★★★★4.0

Using OpenAI's ChatGPT for legal research and drafting

Read full review →
H
Harvey AIEnterprise★★★★★4.7

Enterprise-grade AI for law firms and legal departments

Read full review →

✓ Best Practices

  • Engage a privacy attorney before sending any notification — premature notices can create liability
  • Track applicable state deadlines — they vary from 30 to 90 days and some start from discovery
  • Offer credit monitoring for breaches involving SSNs, financial data, or medical information
  • Preserve all forensic evidence before cleanup — required for regulatory investigations
  • Notify your cyber insurance carrier immediately upon discovering a breach

⚠ Limitations

  • State breach notification laws change frequently — verify current requirements in each state
  • HIPAA breach notification has specific HHS notification obligations not covered here
  • FTC, SEC, and sector-specific regulators may require separate notifications
  • Attorney-client privilege considerations govern breach investigation communications

Expected Output

Three notification documents: individual letter, AG notice, and media notice, with applicable deadline flags. Total approximately 1,000–2,000 words.

Related Prompts

Legal Memorandum Drafting Prompt
General
Immigration Petition Support Letter Prompt
Immigration Law
Demand Letter Drafting Prompt
General / Litigation
Contract Clause Drafting Prompt
Corporate / Transactional

Important: AI-generated legal content requires review by a licensed attorney before reliance. Verify all cited cases and legal authority independently. Nothing on this page constitutes legal advice.