The Identity Theft Resource Center defines a breach as “an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.” Not all data breaches result in identity theft.
Management should develop policies and procedures to monitor the risks and evaluate safeguards in place to protect sensitive personal information. Creating an incident response plan and training an incident response team will ensure your organization is equipped to act swiftly to mitigate the internal and external damage of a security breach.
What should a business, nonprofit, or government do if it suspects confidential data has been put at risk? Regardless of your size, how you respond will impact your reputation. Some organizations may fail to disclose security breaches or try to minimize their impact.
We recommend quick action if an actual or suspected security breach occurs. You will likely need the assistance of the following professionals:
- Attorney
- Law enforcement
- Insurance agent
- IT professional
- IT forensic expert
- Breach support vendor
All organizations should be aware of the state laws that govern their responsibilities to notify affected consumers within a required timeframe. In addition, credit card companies have their own policies, procedures, and reporting deadlines for a data breach.