Data breach notices are essential in alerting clients, customers, and employees to potential threats arising from infiltration or data leakage. According to the Identity Theft Resource Center, two-thirds of data breach notices in 2022 were not detailed enough to evaluate risk.
“Data breach notices with attack and victim details comprised 72% of all filings in 2019, but slid to a five-year low of 34% last year.” (Cyber Security Dive).
This implies that details that should be included in disclosures are being left out. The number of data breach notices decreased in 2022, yet the number of victims increased.
“The group identified 1,802 data breach notices in the U.S. last year, a slight decline from 2021. The number of potential victims, however, jumped 41% year over year to 422 million.” (Cyber Security Dive).
How can businesses ensure that their data breach notices are effective and efficient at determining and communicating risk to victims?
The Federal Trade Commission has a guide for businesses on how to approach disclosure protocols after a data breach.
“Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn’t happen again.” (FTC). “Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.”
It is important to be detailed in your data breach notice in order to be transparent with your clientele.
“Create a comprehensive plan that reaches all affected audiences — employees, customers, investors, business partners, and other stakeholders. Don’t make misleading statements about the breach. And don’t withhold key details that might help consumers protect themselves and their information. Also, don’t publicly share information that might put consumers at further risk.” (FTC).
Don’t be a business that keeps things from affected individuals and organizations. Be transparent in your data breach notices.
“The potential damage caused by the breach at LastPass, which also impacted its parent company GoTo, escalated to alarming levels as the password manager informed customers everything, but their master passwords were compromised in the attack.” (Cyber Security Dive).
Legal requirements are also in place in the event of a data breach.
“All states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business.” (FTC).
The FTC has a comprehensive model letter that outlines the information one would need to include in a data breach notice.
Want to learn more about improving cyber security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh, North Carolina. Service offerings include I.T. support, cyber-security and compliance, cloud-based POS systems and support, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Sources:
FTC. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
Cyber Security Dive. https://www.cybersecuritydive.com/news/data-breaches-lack-detail/641506/