Eye on Privacy: All About Breaches
No company wants to experience a privacy breach. But no security plan is foolproof, and a breach is most likely to happen in a manner you hardly expect. As such, it’s best to have a plan of action.
Breaches can occur in numerous ways, says Oliver Ireland, a partner at Morrison & Foerster, which specializes in financial services. Types include Web site hacks, lost or misplaced computers, physical penetration or burglary, employee misconduct, and negligent failure to secure or destroy information.
Once a break in privacy occurs, assess its severity. “In the financial world, I think about two kinds of breaches,” says Ireland. “One is the breach that is simply an information or a privacy issue where somebody [in the company] has seen information they weren’t supposed to see. And then there is a breach that may have actual consequences for the person to whom the information relates, such as identity theft.”
Appraising the seriousness of the breach is of utmost importance. For instance, explains Ireland, a stolen laptop can be a serious breach, but if the laptop is secured in such a way that its information cannot be accessed, the breach is much less serious.
To ensure a quick and consistent response to breaches, it helps to have an emergency response team in place.
The team, says Ireland, should include representatives from legal, IT and/or personnel, public relations, and customer relations.
“[The team must] think about how it happened, what you’re going to do to prevent that sort of breach in the future, whether you need to take steps to rectify it and if you’re going to take steps to prevent that breach from causing harm to the person whose information was involved,” says Ireland.
In certain situations, you may have to notify customers of a breach.