What You Need To Do After Experiencing A Data Breach

By Timothy Shields, Esquire

One of the worst things that can happen in your professional or personal life is finding out that you or your business has been the victim of a data breach. The first 24 hours are critical in managing your response. As much as possible, it is crucial to act fast to stop the breach, secure your network, and contact your legal counsel. Keep in mind that the next twenty-four (24) hours from the data breach should be planned ahead of time. What you will do during this time can determine how you can survive the crisis.

The clock starts the moment you discover the breach. Take note that some cybersecurity issues are detected right after they are committed while others may take some time before they are discovered.

Set Up A Security Protocol

The first thing that you have to remember is the importance of setting up an effective protocol that people need to follow if your data is compromised. You cannot waste time trying to develop a plan. The plan needs to be in place and now it is about executing. The best thing to do is to anticipate that there will always be hackers who will try to obtain essential information, files, or data from your company.

Thinking about the “when” and not the “if” will get your organization in the right mindset. In so doing, you can easily come up with a plan on what your employees must do to prevent further damage. This necessarily includes delegating a response team responsible for making quick and abrupt judgments or actions during a data breach.

This plan needs to be developed and reviewed with senior leadership, your IT staff, and your data privacy legal counsel.

Make An Assessment After the Breach

The next step is to conduct an initial technical assessment of what took place. This is the part where more details about the breach will be determined. The primary goal here is to identify the primary cause of the breach in security. This will help you correct the problems in your IT system. Your IT team may need to bring in a forensic technical team to help in the assessment. This can be coordinated by your data privacy legal counsel.

At the same time, you should also make an honest assessment of the incident. Never underestimate the existence of a data breach. Were actual files copied? What kind of information was exposed? You need to act fast in finding out the extent of the breach. It is necessary to obtain accurate information about the compromised data. You may have legal liabilities and obligations!

Notify Proper Parties

No one wants to go through the hassle of experiencing a data breach. Once this happens, you may have breach notification laws you have to comply with. As an entity or a business, it is your responsibility to keep all information that you have acquired or recorded secured.

In case the database is compromised or breached, the next thing to do is study whether the crisis requires notification of the state or federal authorities, affected individuals or organizations. You must be able to identify if the said crisis falls under the definition of a notifiable data breach. If yes, then you must take the proper methods in letting people know. As part of your breach planning, your data privacy counsel can help determine these obligations ahead of time.

Conclusion

Data breaches can cause so much stress and anxiety, especially if you are experiencing it for the first time. Your business reputation can be harmed in addition to the legal and financial consequences. This is not a problem to ignore. Instead of being intimated about the crisis, be sure to act quickly and follow your plan. Take note that whatever you do within the 24-hour timeframe can greatly affect the outcome of the breach. Do not hesitate to contact an attorney to help you gain a better understanding of data breach or cybersecurity.


 

Timothy Shields
Partner, Data Privacy, Technology, & Social Media
Kelley Kronenberg-Fort Lauderdale, FL.
(954) 370-9970
Email
Bio

 

 

DISCLAIMER: This article is provided as a courtesy and is intended for the general information of the matters discussed above and should not be relied upon as legal advice. Neither Kelley Kronenberg, nor its individual attorneys or staff, are responsible for errors, omissions and/or typographical errors – always seek competent legal counsel.