FTC Releases New Data Breach Response Guide For Businesses
The Federal Trade Commission released a new guide for businesses on data breach response yesterday, along with a three-minute video summary. The 14-page guide highlights the immediate steps a business should take when responding to a data breach incident. As a bonus, the guidance also offers a model breach notification letter and encourages businesses to provide affected individuals with an IdentityTheft.gov information form, a resource that helps consumers identify proactive action steps when their personal information is compromised in a breach incident.
The FTC guidance highlights three appropriate response actions for a business reacting to a breach incident:
- Secure Operations: Do you have a breach response team? The first step is to mobilize a team of key stakeholders to secure the business and prevent additional loss. Other ways to help secure your operation include securing physical areas, retrieving or taking down the data at issue, and maintaining (and not destroying) forensic evidence.
- Fix Vulnerabilities: What steps and partners are involved in fixing the issue? Once you’ve identified the scope and cause of the breach, address the security risk issues and correct whatever vulnerabilities are outstanding. Remember to work with affected service providers and experts, and to communicate with relevant parties.
- Notify the Appropriate Parties: Is this a reportable incident? Consult with legal counsel to understand your reporting obligations. Identify and notify affected persons and law enforcement.