Skill

legalcode-breach-affected-party-communication

Drafts and reviews the complete suite of breach communications directed at affected individuals and the public following a confirmed personal data breach: individual notification letters with jurisdiction-specific mandatory content, timing, and credit monitoring offers; FAQ documents for breach response webpages; call center scripts; media statements; and follow-up / supplementary notifications. Use when you need to draft, review, or improve any communication sent to data breach victims — not regulatory filings (use legalcode-breach-regulatory-notification-drafter for those). Covers GDPR Art. 34 "high risk" individual notifications, US state breach notification letters (California SB 446 mandatory format with 30-day deadline, New York SHIELD Act 30-day requirement, Massachusetts 18-month credit monitoring, Texas 30-day deadline, HIPAA individual notification at 45 CFR §164.404), UK GDPR / ICO-compliant notices, and Australian Privacy Act 1988 Part IIIC NDB individual notifications (Privacy and Other Legislation Amendment Act 2024). Triggers on: "draft individual breach notice", "write breach notification letter", "create breach FAQ", "call center script for data breach", "media statement for breach", "draft breach communication", "notify affected users of breach", "data breach communication suite", "credit monitoring offer in breach letter", "follow-up after breach notice", "substituted notice", "HIPAA individual notification", "review breach letter", "breach notification plain language", "what must I tell affected individuals". Jurisdiction-agnostic wrapper with full EU/UK/US/AU localization. Downstream from legalcode-breach-response-checklist and legalcode-breach-regulatory-notification-drafter in the Legalcode breach skill family.