Data Breach Notifications: How, What, When, and Why

<p style&equals;"text-align&colon; justify&semi;">It is every company’s worst nightmare&semi; A hacker has managed to breach its web servers and how has access to the company’s customers’ personal and financial information&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify&semi;">While it is obviously ethical to notify one’s customer when his&sol;her information has been stolen&comma; many States have enacted laws&comma; which legally mandate that businesses communicate breaches in data communications&period; Naturally&comma; a business may hesitate if it experiences a data breach&comma; especially if the breach affects a large number of people&period; Still&comma; the intuition to withhold information is counterproductive and will undoubtedly cause more harm than good&period;  It is not uncommon for companies with sufficiently significant harm to their <a href&equals;"https&colon;&sol;&sol;www&period;cohnlg&period;com&sol;trademark-symbols-r-tm-sm-a-complete-guide&sol;" target&equals;"&lowbar;blank" rel&equals;"noopener">brand<&sol;a> to sell their company all together and just start over&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify&semi;">If your website and&sol;or servers have been breached&comma; you must notify your community of users and providers&semi; neglecting to provide notification to your users may result robust and severe legal penalties and fines&period; As part of any comprehensive security plant&comma; it is important to evaluate data breach notification laws in your particular State and even city and adapt your policies accordingly&period; By developing a data breach notification plan&comma; you can save your business’s reputation and avoid paying out large penalties&period;<&sol;p>&NewLine;<h2>What Qualifies as a Breach in Security&quest;<&sol;h2>&NewLine;<hr &sol;>&NewLine;<p style&equals;"text-align&colon; justify&semi;">It is first important to define and understand the term&comma;&OpenCurlyDoubleQuote;<a href&equals;"https&colon;&sol;&sol;newsforpublic&period;com&sol;protect-business-data-loss&sol;">data breach<&sol;a>” and consider how it may occur&period;  On the most fundamental level&comma; a Data Breach is simply any security incident where data is accessed without authorization&period; Data Breaches at the level of a company’s website directly or through more sophisticated attacks on the server&sol;s which host the website&period;  Common ways in which data breaches occur include weak password selections&comma; improper security configurations&comma; vulnerabilities in the code resulting in Back Door options&comma; and generic Malware&period;<&sol;p>&NewLine;<h2>What a Breach in Security Can Cost a Company<&sol;h2>&NewLine;<hr &sol;>&NewLine;<p style&equals;"text-align&colon; justify&semi;">A data breach can cost a company potentially millions of dollars&comma; both in lost users who have since terminated their relationship with the given company AND in legal penalties and fines&period; Cyber-attack scan and should be considered a serious concern for just about any type of business that operates a digital platform or manages user info with digital products&period;21<sup>st<&sol;sup> century-businesses must focus on preventing data breaches inside and outside their companies by continuously conducting due diligence on security systems in place to safeguard user information&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify&semi;">Personal information&comma; such as credit card numbers&comma; contact names&comma; and social security numbers&comma; are among the most common forms of data along with personal financial information&period;<&sol;p>&NewLine;<h2 style&equals;"text-align&colon; justify&semi;">Why Data Breaches Happen<&sol;h2>&NewLine;<hr &sol;>&NewLine;<p style&equals;"text-align&colon; justify&semi;">Cybercrime is profitable&comma; efficient&comma; and &OpenCurlyDoubleQuote;fast”&comma; as competent attackers can seize a large amount of information quickly and inconspicuously&period; Target attacks can happen for the following reasons&colon;<&sol;p>&NewLine;<ul style&equals;"text-align&colon; justify&semi;">&NewLine;<li>The cyber-attacker finds a hole in out-of-date software so he or she can slip malware into the program&period; This makes it simple for the thief to extract personal and financial details&period;<&sol;li>&NewLine;<li>A hacker can either guess an insecure&sol;weak password OR &OpenCurlyDoubleQuote;hard-crunch” password possibilities&period; This is especially easy to do if the password consists of a simple phrase or word&period; Data security experts therefore advise passwords to be complicated and unique to avoid breaches in data security&period;<&sol;li>&NewLine;<li>Cyber criminals also can perform a &OpenCurlyDoubleQuote;drive-by download” of a virus by visiting an out-of-date web page&comma; or a site that has an older operating system or browser&period; Older software very often has antiquated coding structures that are not sufficiently modern to deal with contemporary coding problems&period;<&sol;li>&NewLine;<li>Finally&comma; attackers may use phishing emails and spam-messaging to trick the user into providing their personal details or downloading malware attachments&period; An email is an easy vehicle for a cyber-criminal to use to download a malware onto your computer&period;That is why you should never open links from an unknown source&period;<&sol;li>&NewLine;<&sol;ul>&NewLine;<h2>What Is a Data Breach Notification Plan&quest;<&sol;h2>&NewLine;<hr &sol;>&NewLine;<p style&equals;"text-align&colon; justify&semi;">Unfortunately&comma; even the best security mechanism may fall and a data breach may occur&period; That is why you need to create&comma; for good measure&comma; a data breach notification plan&period; This plan helps you initiate the tasks you need to follow if a data breach happens in your company&period;<&sol;p>&NewLine;<h2>What You Should Include in Your Data Breach Plan and Outline<&sol;h2>&NewLine;<hr &sol;>&NewLine;<p style&equals;"text-align&colon; justify&semi;">The following information should be included in your data breach notification plan and outline&period;<&sol;p>&NewLine;<ul style&equals;"text-align&colon; justify&semi;">&NewLine;<li>A designated &OpenCurlyDoubleQuote;data officer” with a special email account to manage and notify web users and clients of the breach<&sol;li>&NewLine;<li>The contact information for businesses and agencies that must be notified<&sol;li>&NewLine;<li>Clear representations of the user data on file&comma; how and why it is protected&comma; and what&comma; as a legal matter would qualify as a &OpenCurlyDoubleQuote;data breach”&period;<&sol;li>&NewLine;<li>An guide which designates&comma; on a strategic and technical level&comma; when a breach has occurred and who may be responsible&period;<&sol;li>&NewLine;<li>A timeline for meeting the milestones required by law&period;<&sol;li>&NewLine;<li>A step-by-step outline to guide your business to meet each task during reporting&period;<&sol;li>&NewLine;<li>A summation of the disciplinary action your company will take toward anyone who violates the rules of the data breach notification plan&period;<&sol;li>&NewLine;<li>Information about the security measures currently in place&period;<&sol;li>&NewLine;<li>An explanation of any prior data breaches and what was learned from the incident&lpar;s&rpar;&period;<&sol;li>&NewLine;<&sol;ul>&NewLine;<p style&equals;"text-align&colon; justify&semi;">Without a data breach notification plan in place&comma; you cannot respond to the event in a timely and efficient manner&period; Remember&comma; with Data Breaches&comma; transparency and timeliness is critical&period; Business owners must make every effort to comply with both State and Federal&period;Because data breach and privacy laws get updated all the time&comma; it is important to stay current with evolving legislation and technical developments&period;<&sol;p>&NewLine;