| Notify Individuals |
| November 16 2022
|
| Posted in: Data Breach Reporting |
Notify individuals. If you quickly notify people that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused. In deciding who to notify, and how, consider: state lawsthe nature of the compromisethe type of information takenthe likelihood of misusethe potential damage if the information is misused For example, thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage. When notifying individuals, the FTC recommends you: Consult with your law enforcement contact about the timing of the notification so it doesn’t impede the investigation.Designate a point person within your organization for releasing information. Give the contact person the latest information about the breach, your response, and how ...read more
|
| Label /
Permalink
|
|
|
|
| Notify Appropriate Parties |
| November 16 2022
|
| Posted in: Data Breach Reporting |
When your business experiences a data breach, notify law enforcement, other affected businesses, and affected individuals. Determine your legal requirements. All states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business. Notify law enforcement. Call your local police department immediately. Report your situation and the potential risk for identity theft. The sooner law enforcement learns about the theft, the more effective they can be. If your local police aren’t familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service. For incidents involving mail theft, contact the U.S. Postal Inspection Service. Did the ...read more
|
| Label /
Permalink
|
|
|
|
| Fix Vulnerabilities |
| November 16 2022
|
| Posted in: Data Breach Reporting |
Think about service providers. If service providers were involved, examine what personal information they can access and decide if you need to change their access privileges. Also, ensure your service providers are taking the necessary steps to make sure another breach does not occur. If your service providers say they have remedied vulnerabilities, verify that they really fixed things. Check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your forensics experts to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, do so now. Work with your forensics experts. Find out if measures such as encryption were enabled when the breach happened. Analyze backup or preserved data. Review logs to determine ...read more
|
| Label /
Permalink
|
|
|
|
| Secure Your Operations |
| November 16 2022
|
| Posted in: Data Breach Reporting |
Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn’t happen again. Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.Mobilize your breach response team right away to prevent additional data loss. The exact steps to take depend on the nature of the breach and the structure of your business. Assemble a team of experts to conduct a comprehensive breach response. Depending on the size and nature of your company, they may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management. Identify a data forensics team. Consider hiring independent forensic investigators to help you determine the source and scope ...read more
|
| Label /
Permalink
|
|
|
|
