FTC Issues Guide for Responding to a Data Breach
(October 25, 2016) Need guidance when your business suffers a data breach?
The Federal Trade Commission (FTC) has released Data Breach Response: A Guide for Businesses both as a pamphlet and a video. It outlines the steps a business should take after a data breach. The booklet also includes a model notification letter to send when personally identifiable information is stolen.
The FTC divided response actions into three categories.
Secure Your Operations. This includes:
- Assembling a response team.
- Securing physical areas related to the breach and changing access codes.
- Taking all affected equipment offline immediately but not turning off any machines until the forensic experts arrive.
- Removing improperly posted information from the web.
- Preserving all evidence.
Fix Vulnerabilities. This includes checking network segmentation, working with forensic experts, and establishing a communications plan.
Notify Appropriate Parties. This includes determining the legal requirements for notification, notifying law enforcement, and notifying affected businesses and individuals.
Of course, businesses should not wait until a data breach occurs to have a response plan in place. Balough Law Offices, LLC not only has helped its clients develop data breach response plans but also has assisted clients in developing policies to prevent data breaches.