A couple of months ago, Mark Eichorn published a quietly significant post on the Federal Trade Commission’s blog. In it, Eichorn gives an overview of how the FTC approaches breach and data security investigations.
In the post, Eichorn advises:
In other words, when deciding on punitive measures in data security cases, the Federal Trade Commission is often more lenient with businesses that report breaches to the proper authorities promptly. Or, conversely, if you try to hide a data breach from authorities, and the FTC discovers your deception, the commissioners may – and are legally allowed to – dole out a larger fine.
Three Data Privacy Best Practices For SMBs
- Have a “privacy officer” on speed dial. Privacy officers are usually attorneys; they’re the people businesses can call in the wake of a data breach to determine their legal responsibilities based on the nature of the data attack or hack. Your privacy officer, depending on the information you provide, will let you know what you need to do to satisfy local, state, federal and international data breach regulations. On occasion, contingent on the circumstances, you may not have to report the incident.
- Don’t ignore security issues. Digital hacking is a serious reality. Laboring under the assumption that “it will never happen to you” or “only the big guys get hit” is erroneous. Implement certain data security measures at your office. Also, establish data security rules amongst your employees – the most fundamental being that they’re forbidden from accessing files remotely without authorization and instruction.
- Have data security, maintenance and breach procedures in place. Moreover, companies should make a habit of corporate-wide password changes at regular intervals. Additionally, like a fire drill, businesses should establish a data breach drill. Not only will it be helpful in the event of an attack, but being able to prove to officials that you did take precautions may mitigate eventual punishments handed down by the FTC or other government agencies.
Consult A Data Breach Lawyer
Lawyers at Internet law firm Kelly Warner act as the privacy officers for several startups and businesses. We’d be happy to help you establish a data security and/or data breach program or procedure that satisfies all state, federal and international regulations. If you’re not yet ready for a consultation, you may want to read through these blog posts. They will give a better idea of the types of online privacy and data security laws that businesses must follow. When you’re ready to move forward with an online privacy and data security plan, contact Kelly Warner’s online privacy lawyers.