The Federal Trade Commission (FTC) this week issued a publication, Data Breach Response: A Guide for Business, that outlines the steps it recommends businesses take when they believe they may have suffered a data breach.
According to the guidance, “immediate steps” to take include:
- Secure physical areas that may be related to the incident, including changing codes
- Stop additional data loss
- Remove improperly posted information from the web, if applicable, and search to make sure other sites haven’t posted the information
- Make sure any service providers who were involved have remedied all vulnerabilities
- Change service providers’ access rights, as applicable
- Determine if you have a reportable data breach under state or federal law
- Contact law enforcement, if applicable
- Notify any other businesses potentially affected by the incident
- Notify individuals if required by law
The guidance also provides a model state breach notification letter, although businesses would do well to check the applicable state laws for compliance and customize any letters sent to individuals.
The guidance includes a video and reminds businesses to prevent breaches by protecting information first.