4. Customers should receive notice from an insurer, insurance producer, or other state-regulated entity in the event of a data breach, by mail or e-mmail, and without "unreasonable delay" (never later than 60 days after a breach, unless a criminal investigation is potentially affected.)