FTC Favors Companies With Data Breach Contingency Plans

Having a data breach contingency plan may mitigate penalties in the event of an incident.

A couple of months ago, Mark Eichorn published a quietly significant post on the Federal Trade Commission’s blog. In it, Eichorn gives an overview of how the FTC approaches breach and data security investigations.

In the post, Eichorn advises:

“We’ll also consider the steps the company took to help affected consumers, and whether it cooperated with criminal and other law enforcement agencies in their efforts to apprehend the people responsible for the intrusion. In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach. Therefore, in the course of conducting an investigation, it’s likely we’d view that company more favorably than a company that hasn’t cooperated.”

In other words, when deciding on punitive measures in data security cases, the Federal Trade Commission is often more lenient with businesses that report breaches to the proper authorities promptly. Or, conversely, if you try to hide a data breach from authorities, and the FTC discovers your deception, the commissioners may – and are legally allowed to – dole out a larger fine.

Three Data Privacy Best Practices For SMBs

  • Have a “privacy officer” on speed dial. Privacy officers are usually attorneys; they’re the people businesses can call in the wake of a data breach to determine their legal responsibilities based on the nature of the data attack or hack. Your privacy officer, depending on the information you provide, will let you know what you need to do to satisfy local, state, federal and international data breach regulations. On occasion, contingent on the circumstances, you may not have to report the incident.
  • Don’t ignore security issues. Digital hacking is a serious reality. Assuming that “it will never happen to you” or “only the big guys get hit” is a mistake. Implement data security measures at your office. Also, establish data security rules amongst your employees – the most fundamental being that they’re forbidden from accessing files remotely without authorization and instruction.
  • Have data security, maintenance and breach procedures in place. Companies should make a habit of corporate-wide password changes at regular intervals. Additionally, businesses should establish a data breach drill, much like a fire drill. Not only will it be helpful in the event of an attack, but being able to prove to officials that you did take precautions may mitigate eventual punishments handed down by the FTC or other government agencies.
Kelly Warner Law can create a comprehensive data breach contingency plan for your business.

Consult A Data Breach Lawyer

Lawyers at Internet law firm Kelly Warner act as the privacy officers for several startups and businesses. We’d be happy to help you establish a data security and/or data breach program or procedure that satisfies all state, federal and international regulations. If you’re not yet ready for a consultation, you may want to read through our online privacy blog posts. They will give a better idea of the types of online privacy and data security laws that businesses must follow. When you’re ready to move forward with an online privacy and data security plan, contact Kelly Warner’s online privacy lawyers.
