Nowadays, incidences of data breaches and phishing attacks are fast becoming so rampant. If you’ve been a victim of this, it’s important that you take appropriate actions and steps to salvage the situation. Some steps and actions are required by law.
Assess What’s Lost
Immediately after confirming a data breach, take the necessary steps to assess the extent of the breach. Assemble a team of experts as fast as possible, to determine the scope of the breach. The professionals that should be included in such an action team are data privacy and security legal counsel or advisor, forensic investigators, amongst others.
Secure What’s Left
Most importantly, you must try to secure whatever is left of your data. Get as many IT consultants as possible to fix the problem – including the vulnerabilities with which your attacker(s) wormed their way in.
Notify Appropriate Quarters
It is also imperative – just as the assembled team carries on with the assessment and clean-up, that you communicate with affected businesses or individuals whose data may have been compromised. In addition, the rules require expeditious notification of the incident to relevant law enforcement agencies. The nature and type of the data that has been breached would determine whom to report to and how to make such a report. The legal professional in your assembled mop-up team would guide you in respect of this. If you need a data protection and privacy legal advisor, we are just an email away.
Bottom Line
Finally, before assuming that this issue is simply over flogged and that these legal steps are unnecessary, listen to the woes of past victims of data breaches. They will have much to say about suits filed against them by data breach victims who claim that the non-notification or late notification of the breach of their data cost them losses or fines by law enforcement. Ensure you leave no stone unturned in doing the needful in event of a data breach.