The Federal Trade Commission (FTC) this week issued the publication Data Breach Response: A Guide for Business, which outlines the steps it recommends businesses take when they believe they may have suffered a data breach.

According to the guidance, “immediate steps” to take include:

  • Secure physical areas that may be related to the incident, including changing codes
  • Stop additional data loss
  • Remove improperly posted information from the web, if applicable, and search to make sure other sites haven’t posted the information
  • Make sure any service providers who were involved have remedied all vulnerabilities
  • Change service providers’ access rights, as applicable
  • Determine if you have a reportable data breach under state or federal law
  • Contact law enforcement, if applicable
  • Notify any other businesses potentially affected by the incident
  • Notify individuals if required by law

The guidance also provides a model state breach notification letter, although businesses would do well to check the applicable state laws for compliance and customize any letters sent to individuals.

The guidance includes a video and reminds businesses to prevent breaches by protecting information first.