The Federal Trade Commission (FTC) this week issued the publication, Data Breach Response: A Guide for Business, that outlines steps it recommends that businesses take when it believes it may have suffered a data breach.
According to the guidance, “immediate steps” to take include:
-
Securing physical areas that may be related to the incident, including changing codes
-
Stop additional data loss
-
Remove improperly posted information from the web, if applicable, and search to make sure other sites haven’t posted the information
-
Make sure any service providers who were involved have remedied all vulnerabilities
-
Change service providers’ access rights, as applicable
-
Determine if you have a reportable data breach under state or federal law
-
Contact law enforcement, if applicable
-
Notify any other businesses potentially affected by the incident
-
Notify individuals if required by law
The guidance also provides a model state breach notification letter, although businesses would do well to check the applicable state laws for compliance and customize any letters sent to individuals.
The guidance includes a video and reminds businesses to prevent breaches by protecting information first.
[View source.]
