Data Breach Preparedness
The risk of large-scale data breaches will continue to affect businesses of all sizes in 2016. Such breaches may not only require affected companies to incur a great deal of time and expense, but may also prove damaging to their public image. The development of effective plans for responding to data breaches is essential to minimizing the damage that can result from such breaches.
Development of a useful data breach plan begins with a thorough assessment of the information held by the business and the potential mechanisms for unauthorized access to that information. Appropriate personnel to respond to a data breach should be selected and identified. This team should include executives, IT professionals, legal counsel, and customer service personnel.
Data breach plans should designate certain tasks to be performed in the initial stages of a breach. Most importantly, the plan must provide for the immediate correction of the problem that led to the breach, as well as the modification of systems to ensure that the breach will not occur again. The plan must also ensure that appropriate steps are taken to keep the company’s website and other IT operations as active as possible while correcting the breach. At the same time, IT personnel should commence the process of identifying the compromised data and the individuals affected. These tasks may be performed by in-house IT personnel or by contractors retained to respond to the incident. In any event, such personnel should have experience in diagnosing and addressing data breach incidents.
Data breach plans must also ensure that affected individuals are notified of the breach in a timely manner, in accordance with applicable statutes and regulations. Such notifications should include any information specifically required by these statutes and regulations. In addition, such plans must provide for the reporting of such incidents to the appropriate authorities as mandated by law. It is strongly recommended that companies retain legal counsel to assist in this process.
Data breach plans should also incorporate procedures for minimizing damage to customer relations and potential liability arising from an incident. For example, businesses often provide affected parties with credit monitoring services for a specified period of time following a loss. Again, companies should work with legal counsel in making these decisions, and contract with experienced service providers in offering any assistance to individuals whose information has been compromised.
Finally, data breach plans may include procedures for public relations communications regarding incidents, with the goal of communicating the company’s responsiveness to the incident and willingness to assist affected parties.
As the new year begins, businesses should take the opportunity to implement data breach plans or review existing plans to determine areas for improvement. Undertaking these efforts now will help companies avoid being overwhelmed by data breaches when they occur.
Timoney Knox lawyers are prepared to share their expertise in this area in order to assist and facilitate your breach preparation. Please contact us with any questions about preparing your business or the analysis of your insurance coverages. Also, please anticipate our White Paper on this topic to be released this month.