A couple of months ago, Mark Eichorn quietly published a significant post on the Federal Trade Commission’s blog. In it, he gives an overview of how the FTC approaches breach and data security investigations.
The post advises: “We’ll also consider the steps the company took to help affected consumers, and whether it cooperated with criminal and other law enforcement agencies in their efforts to apprehend the people responsible for the intrusion. In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach. Therefore, in the course of conducting an investigation, it’s likely we’d view that company more favorably than a company that hasn’t cooperated.”
In other words, when deciding on punitive measures in data security cases, the Federal Trade Commission is often more lenient with businesses that report breaches to the proper authorities promptly. Or, conversely, if you try to hide a data breach from authorities, and the FTC discovers your deception, the commissioners may – and are legally allowed to – dole out a larger fine.
Three Data Privacy Best Practices For SMBs
- Have a “privacy officer” on speed dial. Privacy officers are usually attorneys; they’re the people businesses can call in the wake of a data breach to determine their legal responsibilities based on the nature of the data attack. Your privacy officer, depending on the information you provide, will let you know what you need to do to satisfy local, state, federal, and international data breach regulations. On occasion, contingent on the circumstances, you may not have to report the incident.
- Don’t ignore security issues. Digital hacking is a serious reality. Laboring under the assumption that “it will never happen to you” or “only the big guys get hit” is erroneous. Implement certain data security measures at your office. Also, establish data security rules for employees – the most fundamental being that they’re forbidden from accessing files remotely without authorization and instruction.
- Have data security, maintenance and breach procedures in place. Companies should make a habit of corporate-wide password changes at regular intervals. Additionally, like a fire drill, businesses should establish a data breach drill. Not only will it be helpful in the event of an attack, but being able to prove that you did take precautions may mitigate eventual punishments handed down by the FTC or other government agencies.
Consult A Data Breach Lawyer
Lawyers at Internet law firm Kelly Warner act as the privacy officers for several startups and businesses. We’d be happy to help you establish a data security and/or data breach program or procedure that satisfies all state, federal, and international regulations.
When you’re ready to move forward with an online privacy and data security plan, contact Kelly Warner’s online privacy lawyers.