In our connected world, the internet is an essential tool for doing business, but it is also a major source of risk. It often isn’t a matter of if your data will ever be compromised, but when and how much. Good data protection policies and practices can help your business minimize risk and exposure to a data breach. However, it is also important to know what to do if your company does experience a data breach, including any legal requirements imposed upon your company.
A data or security breach is the unauthorized access of computer data, programs, devices, or networks. This results in information being accessed without authorization, compromising the security and confidentiality of personal information maintained by a business. A security breach can be due to many vulnerabilities, including intercepting unencrypted customer data, using stolen equipment, and gaining unauthorized access to a computer network through a software vulnerability or weak password.
The best way to protect against a data breach is to implement adequate data security policies and practices. This includes:
For more information on ways to help your business prevent a data security breach, the FTC has a useful guide.
No software is 100% vulnerability-free, and even the best plans can go awry. While prevention is the best way to avoid unnecessary damages, it is also important to know what to do if a breach has occurred. Breach mitigation and response can include:
Most states have enacted legislation that requires a business to notify an individual whose personal information was involved in a breach. In Washington, a person or company conducting business in Washington must disclose any data security breach where a Washington Resident’s personal information was exposed or reasonably believed to have been exposed. This notification must be made “in the most expedient time possible,” but not more than 45 days after the breach was discovered. If a single breach affects more than 500 Washington Residents, a sample copy of the security breach notification, excluding any personally identifiable information, must be submitted to the Washington State Attorney General.
You are not alone – Speak with our corporate counsel attorneys to discuss your business’ security and data protection policies. Contact us at 425-250-0205 or contact@equinoxbusinesslaw.com.
Legal Disclaimer: This article contains general information. Do not view this article as legal advice. Talk with counsel familiar with your unique business needs before taking or refraining from any action.
By submitting this form, you are consenting to receive marketing emails from: Equinox Business Law Group PLLC, 11130 NE 33rd PL, Suite 120, Bellevue, WA, 98004, US, http://www.equinoxbusinesslaw.com.