What to Do in the Event of a Data Breach
North Carolina Attorney General Roy Cooper recently gave a presentation on the “alarming rate” at which citizens of Charlotte and the state are falling victim to identity theft. To date in 2015, more than 1.1 million North Carolina residents have been affected by data breaches where criminals had access to their personal information.
Because of the prevalence of this problem, data compromises are sadly becoming less of a question of “if” but rather “when.” Businesses and individuals should take measures to prevent information breaches from common access avenues, but they should also develop a plan for addressing a breach should one occur.
Legal Obligation for Charlotte Businesses Affected by a Data Breach
Per the North Carolina Identity Theft Protection Act, all businesses must notify customers, employees or peripheral individuals like former applicants without “unreasonable delay.” This notification must include:
- A general description of the incident
- The type of personal information that was accessed
- A general description of the efforts to avoid further unauthorized access
- Contact details so the recipient can obtain ongoing information
- Advice for follow up measures that individual should take to monitor access or use of their information
Affected businesses must also release details of the incident to the NC Attorney General’s Consumer Protection Division and the three major credit reporting agencies.
How Charlotte Businesses Should Respond to a Data Breach
Credit reporting bureau Experian provides advice for how businesses can respond in the immediate aftermath of discovering there has been a data breach:
- Make note of the date and time of when the breach was discovered and begin tracking dates and times for response efforts
- Alert top-level management, owners and related department heads
- If the data breach could have been the result of physical access, secure the premises around all accessible computer stations
- Disconnect all affected systems from your company network and the internet. Do not turn these systems off
- Document as much as you can about what is known regarding the incident as well as the timeline of discovery
- Supplement your documentation with recorded interviews or written statements
- Assess priorities and top risks
- Notify law enforcement of the incident. Provide them any materials you have
- Work with law enforcement or an outside forensic team to learn as much as you can about the incident along with who or what was affected
- Begin your notification efforts by documenting the names and information type of affected parties
Once data access has been limited and as much evidence as possible is gathered, businesses can recover by redoubling their efforts to reduce the risk of further data breaches. Law enforcement or your forensic computing team can approve for you to begin deleting or destroying unneeded stored information following the incident to prevent further unwanted access.