ASC BreachShield
|
What is a data security breach?
In simple terms, a data security breach occurs any time there is unauthorized access to data.
How do data security breaches occur?
Some of the most common causes of data security breaches are:
- Hacking
- Loss or theft of equipment containing data
- Phishing or other invasive forms of electronic communication
- Malware including viruses, spyware, worms, and trojans
- Malicious activity
- Human error
What is the impact of a data security breach on an organization?
The impact of a data security breach can be far reaching and long lasting. This includes loss of data, compliance pressures, customer loss or attrition, diminished trust, reduction in brand equity, litigation, and negative press. Any and all of these issues have the potential to erode shareholder value. As such, executing a skilled data security breach response strategy is critical to managing and reinforcing the trust of your clientele. In fact, a skillful response can actually transform the negative implications of a data security breach into a valuable brand-enhancing and loyalty-building opportunity.
How should I notify the impacted population that a data security breach has occurred?
It is important to alert the impacted population in a clear, concise and timely manner. However, merely informing your clientele of a data security breach could prove catastrophic. A more effectual post-breach strategy is to brief clientele on the proactive measures you are implementing to protect them. Taking a responsive, leadership role in your communication strategy can play a significant role in restoring – and even increasing – clientele loyalty after a data security breach occurs.
What should I offer to the impacted population of a data security breach?
What you provide to your clientele will depend on the risks ascribed to the particular data security breach. However, general best practices include the provision of:
- Credit reports from the three major credit reporting agencies (Experian, Equifax, TransUnion)
- Credit monitoring
- Ongoing credit scores
- Identity theft insurance
- Identity fraud resolution services
Your ASC BreachShield consultant will be able to determine the most effective benefits configuration based on the unique circumstances and characteristics of your data security breach.
If a data security breach occurs, what am I required to do by law?
Each state has differing regulations about the reporting and recompense for resolving a data security breach. In addition, if your organization touches clientele across state lines, you may be subject to different compliance requirements based on the location of the affected parties. You should check with your legal department regarding your legal requirements.
Why should I take action if I am not legally required to notify customers that a data security breach has taken place?
There are many reasons to address a data security breach even if you are not required to do so by law. In a world where information can be shared instantaneously, you need to consider possible repercussions should your clientele be notified of your data security breach by another entity. Additionally, notifying and protecting the impacted population reflects the responsibility that your organization feels toward its customers, employees, suppliers and other valued partners. Lastly, a seemingly negative event, when handled well, can actually be leveraged as a relationship building activity.