Data Breach

If you are a business that keeps records of other’s personal information, and your company has experienced a data breach, depending on what information was stolen can determine the degree of the potential damage.  Follow these steps if you need to resolve a breach:

1. Notify law enforcement of the breach, and if you feel it is necessary, you can contact the FBI or the U.S. Secret Service.

2. Immediately notify and other businesses or individuals who’s information has been stolen so they can begin to monitor and fraudulent activities in their accounts.  Notifying the top three credit bureaus (Equifax, Experian, TransUnion) can also assist in better customer support.

In the case that you need to notify another business such as a bank or credit card agency and you lost the account information, notify the institution that maintains those accounts so they can begin to monitor them.  If you collect information from other businesses, you must notify them too.

If the information that was compromised was because for some reason, it was exposed to the public on a website or some other means, you need to remove the information as quickly as possible.  

When notifying an individual, it is your ethical responsibility to talk to your local law enforcement about the best time to notify the individual so as not to burden the ongoing investigation.  You should also designate a contact person who has access to all the latest information in the case and can effectively communicate with the individual on a regular basis.

In your notices to companies and individuals, it is important that they all contain similar content.  They must describe in detail what your company knows about the compromise.  Include all the information about how it happened, when, the remedy that is being used, provide contact information.  You should also consult with the law enforcement on this to know what else should be included in the letter for each particular case.

In order to better assist the victims that you are dealing with, you can refer both companies and individuals to the Federal Trade Commission website as a resource for what other steps they can take to resolve their identity crisis.  You, as a business, can also visit the FTC website to learn what you can do to consult victims that you are assisting.  The FTC website can be found a www.ftc.gov.