Author: Meaghan Zore
Are you ready for a data breach? At least 222 data breaches occurred in 2015 affecting at least 159,436,735 records, according to the Privacy Rights Clearinghouse, a California nonprofit corporation that tracks trends in data privacy. There’s little reason to believe that 2016 is going to see a downtrend in these numbers. Already this year, Time Warner Cable reported a data breach that affected 320,000 of its customers’ records. Given these numbers, it’s no longer a question of “if” a system will be breached, but “when.”
January 28th is Data Privacy Day. Here are 3 steps to becoming data breach ready in 2016:
- Establish a Privacy Training and Awareness Program
- Conduct a Privacy Impact Assessment
A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information is collected, used, shared, and maintained within an organization. Examples of various PIAs can be found on the Federal Trade Commission’s website. You can use a PIA to manage data risks and assess the benefit of engaging in certain data handling practices. Conducting a PIA will help you to better understand and address your company’s vulnerabilities.
- Develop a Data Breach Response Plan
A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur. At a minimum, your data breach response plan should consist of the following: (1) a point person to take charge in the event of a data breach and act as a liaison between various stakeholders and partners; (2) contact information for relevant stakeholders and third-party service providers; (3) procedures for analyzing and containing the damage caused by a suspected data breach; (4) measures to mitigate the damage done and prevent future breaches; and (5) relevant insurance and credit bureau information.
In 2015, companies incurred an average cost of $154 per breached record and were exposed to a consolidated total cost of $3.8 million per data breach. Breaches are going to happen, but preparation will be key to minimizing the damage done to your organization and your clients in 2016 and beyond.
About the author: Meaghan Zore, founder and principal of Zore Law, advises entrepreneurs and emerging companies on a wide range of legal matters such as business formations, intellectual property issues, commercial agreements and data and privacy considerations. In addition to her practice, she teaches Advanced Civil Procedure: Electronic Discovery and Information Privacy Law at Indiana University Robert H. McKinney School of Law. She may be reached at www.zorelaw.com or firstname.lastname@example.org. Tel: 415-347-0004