You’re right to be concerned. Cyberattacks on businesses are becoming more common – and costly. The average total cost of a data breach was $5.9 million in 2014, and it’s likely to be more in the future.
When a data breach occurs, a company faces many challenges, including a duty to notify its customers. Forty-seven states (all but Alabama, New Mexico & South Dakota) have adopted laws setting data breach notification standards. While there is no uniform national standard for data breach notification, federal laws pertaining to health data and financial data set industry-specific standards for breaches of data.
In addition, the Federal Trade Commission has used its authority to take action related to data security. It also appears likely that the EU will be passing stringent regulations relating to data breaches. As advancements in data storage cause more and more data to cross state and international lines, this complex patchwork of regulation becomes increasingly significant.
So what is a business owner to do?
Promptness in reacting to a breach and awareness of the relevant regulations are critical to helping a company avoid harsh fines, consumer backlash and further data loss.
Create a data breach plan
Establishing a response team and an action plan on how to handle data breaches can help a company respond more quickly. Here are a few steps to get you started:
1. Choose a small but well-represented data breach response team that includes decision-makers from the executive level of the company, IT personnel, legal counsel, public relations professionals, and customer care representatives.
2. Create a data breach response plan that clearly:
- identifies the company’s priorities in the first 24 hours after discovery of the breach;
- analyzes applicable legal regulations;
- creates reporting channels; and
- pinpoints public relations goals.
Review and revise the plan regularly to reflect changes in statutory guidelines and your company’s goals.
Get your house in order
While preparing for the worst is vital, avoiding a breach altogether is even better.
The majority of breaches come down to one thing: people. Doing the following can help a business reduce the likelihood of data breaches occurring in the first place:
- Educate employees on the importance of cybersecurity;
- Limit data access so that only those who need specific data have access;
- Implement policies requiring strong passwords;
- Limit access to data through exploitable systems; and
- Create clear reporting channels for violations of data security procedures.
* * * *
This post was co-authored by Steven J. Boyne, an experienced corporate attorney and co-chair of Gunster’s insurance law practice. Cassidy Bergstrom is an attorney in Gunster's Jacksonville office; she represents clients in a variety of matters, with a focus on real property transactions.