Your Organization was breached! Now what? (Part 3 of 4)


Your IT technician has just informed you that your business has suffered a data security breach. Now what should you do?

Content Provided by Defeat The Breach Member
Fraser Trebilcock P.C.


Step 3: You have identified recipients that require notification and have obtained their contact information. What information should the notification contain?

Any notifications you send out must meet all of the following requirements:

    1) The notice must be written in a clear and conspicuous manner or must be clearly communicated (if it is a phone notice).

    2) You must describe the security breach in general terms.

    3) You must describe the personal information that is subject to the breach.

    4) If applicable, you must describe in general terms what you have done to protect the recipient's data from further security breaches.

    5) You must include a telephone number where a notice recipient may obtain additional information or assistance.

    6) You must remind notice recipients of the need to remain vigilant for incidents of identity theft and fraud.

Join us next week for Step 4: You have notified affected customers and vendors of the data breach. Do you have to meet any additional notice requirements?

This article is Part Three of a brief summary of state law. Additional federal or common law principles may also apply, given the circumstances. Readers should not rely on this generalized, introductory article as it is not legal advice. Anyone affected by the law should seek competent counsel regarding the law. This content is provided by Defeat The Breach Member Fraser Trebilcock P.C.

