Protecting Your Business Interests After A Data Breach
The strategies that hackers use to siphon sensitive information from companies are constantly evolving, increasing in their sophistication by the day. Should a data breach occur despite your attempts to safeguard information, the way that your company responds to this theft will directly affect your reputation and your legal obligations.
At Berenzweig Leonard, our attorneys provide a full range of legal services to our business clients, including counseling executives and business owners on their best options after a data breach. Our cybersecurity attorneys, technology lawyers, and litigators work in tandem to develop an aggressive approach that mitigates public relations headaches and minimizes penalties after personal data is unlawfully accessed.
Answering Your Frequently Asked Questions About Data Breach Notifications
Seasoned business owners and executives know that communication is a critical component of crisis management. Many of the questions we typically field about data breach notifications involve communication: the depth of information that is necessary, whom to notify among other concerns. Please read these answers below to learn more about the steps you need to take after a breach.
What types of breaches require notifications?
Business owners are required to notify victims of a breach when an unauthorized individual accesses unencrypted, personal information that could be used to steal that person’s identity.
What is personal information?
“Personal information” refers to information that includes the individual’s first and last name, or first initial and last name, in addition to this information: six numbers in the person’s social security number or the final five digits of a credit card, debit card, banking account, or driver’s license number. If the victim’s financial account numbers are taken in a breach, passwords or other security codes must be taken as well to require notification.
What happens when businesses don’t give notice?
Businesses that fail to notify victims in a timely fashion may be required to pay steep fines. In Virginia, businesses can face up to $150,000 in fines for each incident. Victims may also take legal action against the businesses.
Whom do owners notify?
After discovering that personal information was unlawfully accessed, businesses that own the data must send legal notifications to the state attorney general and the victims of the breach. Businesses that do not own the data but discover the unlawful access are required to notify the company that does own the data.
What information must be included in a notification?
When drafting a notification, business owners must identify the date the breach was discovered and provide an estimate of the date the breach occurred. Owners must also identify the source of the breach, those affected, and the actions taken to resolve the issue. When notifying victims of the breach, business owners must also include a contact number for individuals to dial should they need extra assistance.
Recovering After A Data Breach Takes Skill And Experience. We Can Help.
We have the knowledge you need to address complex matters related to a data breach and other cybersecurity matters. We can help you find a remedy for this situation whether unauthorized persons accessed information about your customers, contractors, employees, partners, or shareholders. Call 703-760-0402 or email our team to receive prompt legal advice and begin identifying creative solutions for your complex data breach concerns.
From our office near the nation’s capital, we are qualified to advocate for clients across the country.