[BreachExchange] Tips to Help a Business Avoid Data Breach Litigation

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 9 19:22:15 EDT 2017


http://www.jdsupra.com/legalnews/tips-to-help-a-business-avoid-data-54050/

Little else is as stressful for a company than handling the aftermath of a
data breach. Not only does the company have the obligation of making
notifications to clients about the data breach, but it may also be
confronted by data breach lawyers with at least one lawsuit, or even a
class action. There are steps that can be taken to help a company avoid
data breach litigation.

Preparation for a Data Breach is Key to Mitigating Problems Down the Road

Every company large and small should be prepared for a data breach because
it is only a matter of time until they are victimized by cyber criminals.
Companies can prepare themselves for data breach situations by having a
plan on how they will handle a data breach situation. Running practice
drills of a data breach scenario can also be helpful for the company to
identify potential pitfalls and shortcomings, which can be addressed in
advance of the real thing.

The action plan should cover both how to technically contain a data breach
and a public relations campaign that details what will and will not be said
to the press about the data breach situation as well as what will be
communicated to the consumers who may have been exposed in the data breach.
What words are used in the media are critically important since the lawyers
will likely try to use what is said to their advantage later in court. Know
how the data breach situation will be handled by your company before it
happens.

Understand the Company’s Rights and Obligations Under the Law

Companies need to know what their rights and obligations are under the law
before a data breach occurs. Knowing the law on these matters will give the
company better footing on how to handle the aftermath of the situation.
Companies that do not know or understand data breach law often fail to
notify consumers whose data may have been exposed in a breach in a timely
manner, which can result in significant penalties for the company.

Data breach law requires companies to take action quickly upon discovery of
a data breach. The company is responsible for quickly shutting down the
breach, and then is responsible for notifying victims within a reasonable
time after the breach is discovered. It is better to own up to the data
breach and let those who are affected by the breach know as soon as
possible that their personal identifying information or credit card
information has possibly been exposed.

One of the best strategies for a company to have concerning data breaches
is to be prepared. Knowing in advance what you will have to do, what you
will need to say, and how you can manage the aftermath of a data breach can
go a long way towards helping your company avoid data breach litigation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170509/258d66ef/attachment.html>


More information about the BreachExchange mailing list