FTC Releases a Data Breach Response Guide For Business

Snell & Wilmer

Data breaches are fast becoming a fact of life. Experiencing one is never pleasant, whether it happens by accident, by criminal intent, or by system failure. Someone steals a company laptop that contains unencrypted customer data. A hacker gains access to your employee database. A USB drive with confidential information is left behind in a hotel business center. An email with proprietary data is sent to the wrong person. Customer information is inadvertently posted online. Whatever the cause, the question then becomes: what should be done next? Knowing how to respond properly and quickly to a data breach can make a huge difference in mitigating its potential negative effects, both for your company and for everyone else involved.

On October 25, 2016, the Federal Trade Commission released a useful 16-page pamphlet, “Data Breach Response: A Guide for Business,” that outlines the steps companies can take to secure their systems during a security incident and who should be notified if personal information has been exposed. It also issued a short video to accompany the pamphlet.

The FTC Data Breach Response pamphlet is divided into three sections: (1) Secure Your Operations; (2) Fix Vulnerabilities; and (3) Notify Appropriate Parties. It also provides the outline of a generic breach notification letter, which might serve as a starting point for a company’s own notice.

The three sections of the FTC’s suggested breach response steps are outlined as follows:

Secure Your Operations

  • Assemble a team of experts
  • Identify a data forensics team
  • Consult with legal counsel
  • Secure physical areas
  • Stop additional data loss
  • Remove improperly posted information from the web
  • Interview people who discovered the breach
  • Do not destroy evidence

Fix Vulnerabilities

  • Think about service providers
  • Check your network segmentation
  • Work with your forensics experts
  • Have a communications plan

Notify Appropriate Parties

  • Determine your legal requirements
  • Notify Law Enforcement
  • Did the breach involve electronic health information?
  • Notify Affected Businesses
  • Notify Individuals

For related advice on implementing a plan to protect customer information and prevent breaches, see the FTC’s “Protecting Personal Information: A Guide for Business” and “Start with Security: A Guide for Business.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Snell & Wilmer | Attorney Advertising
