AUSTIN, Texas — Some of the criticism of Equifax's handling of its recent data breach centered around the time that passed between when the company first became aware of the incident and when the news got out months later. CIOs at the annual NASCIO conference in Austin this week offered their takes on the fallout from the breach. 

"It's something that shakes all organizations to the core, government in particular," said Alaska CIO Bill Vajda. 

But what are the rules when it comes to notifying customers that their data has been exposed?

"Communication is really important when you're talking about breaches or incidents," said Lynne Pizzini, Montana chief information security officer (CISO), in an interview with Government Technology. "I believe organizations really do need to have a very firm plan on how they're going to carry out any type of notification after an incident."

Vajda, joined by Alaska's newly named (and first ever) CISO Shannon Lawson, explained the responsibility of the public sector when a cyberincident takes place.