October 2009
HSB Whistlestop Express

What a Business Should Do When Personal Data is Breached
HSB Offers Tips to Help You and Your Customers Respond to the Loss of Personal Information

With most states requiring that a business respond to the loss or theft of personal information it keeps on customers, employees, vendors and others, it is essential that your customers be prepared when private data is breached.

DATA COMPROMISE COVERAGE
HSB's Data Compromise coverage is provided through partner insurance companies that choose to add the coverage to their commercial policies. HSB does not offer the program on a direct basis. If you are interested in securing Data Compromise coverage for your clients, contact your local HSB field representative.

WAYS TO PROTECT PERSONAL INFORMATION
In a previous Whistlestop Express article, HSB offered tips to help prevent a breach of personal information. It's equally important that a business take immediate action when a data breach does occur. And that includes your own company. You are responsible for sensitive information about employees and customers.

HOW TO RESPOND TO A DATA BREACH
We suggest that you take the following steps in the event of a data breach.

1. Notify Senior Management. A breach of personal data, small or large, is a threat to the reputation and integrity of any organization. The most senior management of the organization should be immediately made aware of the situation.
2. In Cases of Theft or Fraud, Notify Law Enforcement. Any breach arising from criminal activity should be reported immediately to the proper law enforcement authorities.
3. Gather Information. Before deciding on a response plan, it makes good sense to carefully review and double-check what is known and what is unknown about the breach. When did it happen? How did it happen? What information was breached? Who has the breached information?
4. Seek Expert Advice. A reputable breach restoration firm can provide a wealth of information about how best to manage a breach situation. Most organizations will also want to consult with outside legal counsel. In some cases, specialists may be needed to investigate the occurrence to determine the nature or extent of the breach.
5. Restore Security. As you determine the nature and cause of the data breach, take immediate action to reduce or eliminate the possibility of future breaches of a similar kind. This would also be a good time to review all of your data security policies.
6. Draft a Response Plan. This is the step that many organizations want to do first. We recommend that you first address Steps 1-5. At that point, you should have the proper information and advice to make informed decisions about the most appropriate response plan. In many cases, this will include notification to all individuals whose information was breached, accompanied by an offer of services appropriate to the situation. However, each case is different. In some cases, you might determine that the event does not warrant any notification.
7. Implement and Follow Through. Any plan to notify and offer services should be backed up by a service plan contracted with a reputable service provider.

Hartford Steam Boiler - One State Street - P.O. Box 5024 - Hartford, CT 06102-5024
Phone: 860-722-1866 - Fax: 860-722-5106
©1996-2009 The Hartford Steam Boiler Inspection and Insurance Company.
All rights reserved.