Much like many aspects of life, when a business confirms it has suffered a data breach (not just an incident where the business would lack the statutory and potential regulatory notification obligations), the hardest part is sometimes figuring out where to begin. An effective response strategy involves a quick yet thorough assessment of key factors that affect a business’ notification obligations. Implementing an appropriate response once a breach has been confirmed requires answers to fundamental questions: How did the incident or breach occur? Was the compromise contained? When did it happen? When was it discovered? What type of information was compromised? Who must be notified? When must notification be given? What constitutes adequate notice?

Click here to read the full article in Daily Journal.

Insight Industries + Practices