
What Are Companies Required to Do After a Data Breach?


How a company responds after it learns of a data breach can determine the extent of its liability and the difficulties it may face. If the personal information that you have entrusted to others has been compromised, the data breach attorneys at Federman & Sherwood can help.

Companies must take prompt action when they have learned of a data breach. Not only must they quickly act to minimize the harm, but they must also work to ensure that it does not happen again in the future. Unfortunately, when someone has gained access to a system, it is not always easy to stem the problem.

Call the data breach lawyers at Federman & Sherwood to learn whether you may be entitled to compensation for a data breach. We can help you file a lawsuit to seek money for your losses.

Here is what companies should do when your data has been compromised. 

Identify the Breach

It is crucial that the company identify which systems were breached. Hackers may have gained access to certain systems, while not gaining entry to others. The National Institute of Science and Technology has specified two means of identifying breaches: leads and indicators. A lead can be detected by checking the web server log. Indicators can be suspicious activities, such as a phishing email.

According to IBM, it can take a company an average of nine months to identify and contain a breach. It may be months before a company realizes that its systems were compromised.

Minimize Further Harm

The company must contain the breach to keep things from getting worse. An uncontained breach means that hackers may be able to gain access to even more information. The first step a company should take is to mobilize a data breach team immediately. The company should take steps to restrict access to critical data to only those who absolutely need it. Then, they should secure their own systems and immediately fix the vulnerabilities that resulted in the breach. 

Notify Customers

Anyone whose data has been compromised in the breach needs to know immediately. Otherwise, malign actors may either use the information that they stole to commit fraud and identity theft, or they may sell the data to others who will. 

As difficult as it is for a company to notify customers of the breach, given the liability and reputational effects, they must give this notice as soon as possible. Each state has its own law about how long a company has to inform customers of a breach. In Texas, a company has sixty days to inform customers, although it may lead to even more liability if a company waits this long because consumers may not be able to take timely steps to protect themselves.

Report the Breach

Each state has its own laws about how long companies have to report a data breach to the relevant authority. In Texas, the law states that a company must notify authorities of the breach as soon as possible. In Oklahoma, the law is similar in that the breach must be reported without unreasonable delay. Companies can face large fines if they do not report the breach in time. 

There is no one overarching federal law about reporting data breaches, but there are rules that apply when healthcare information is stolen or the breach affects a financial institution.

Fix Vulnerabilities

The company needs to make sure that it has taken steps to ensure that there is no subsequent breach. If the breach occurred at a third party that held the data, the company needs to evaluate their security protocol and consider changing third-party vendors. A company also needs to evaluate who has access to its internal systems and take steps to cut back on who may have login credentials in the future.

Companies need to act quickly to take these steps. How they respond may determine both the severity of the breach and some of the penalties that they face. While a company would likely be liable to those whose data was compromised, they may be in even more trouble if they reacted lackadaisically to the breach, and the damage got worse. 

Contact a National Data Breach Law Firm Today

If you have been victimized when your personal information was stolen, get legal help from the data breach lawyers at Federman & Sherwood. We have offices in Texas and Oklahoma, and we serve affected clients nationally. You can schedule a free initial consultation with one of our data breach attorneys by calling us today at 800-237-1277. You pay us nothing unless you recover money for your damages.