Business Counselor February 17, 2017 Jennifer A. Puplava

Protect Your Business from Security Breach Fallout

Most businesses take steps to implement and maintain reasonable security procedures and practices in order to protect information from unauthorized access, destruction, use, modification or disclosure. A good cybersecurity strategy should not only manage security threats—it should also proactively address how a business will respond to security breaches.

Forty-seven U.S. states require corporate and government entities to take particular actions in the event that a security breach compromises personal information. Some states’ laws set a specific deadline for sending security breach notifications to affected individual residents (30 or 45 days after the breach is discovered, depending on the state), and other states generally require that notification be given in the most expedient time possible and without unreasonable delay. Time is of the essence after a breach is discovered, both to contain and mitigate damage caused by the breach, and to notify affected individuals, regulators, and consumer reporting agencies of the details underlying the breach. Taking the time to plan in advance how breaches will be addressed will enable an entity’s response team to act quickly and in compliance with applicable law.

An established information security policy can help streamline breach notifications when residents in several different states are affected. For example, some states allow entities which have implemented an information security policy to follow the notification procedures set forth in that policy rather than the procedures set forth in the data breach notification statute.

In addition, service providers processing data on behalf of data owners are only required to notify the data owner of the breach, and the burden is on the data owner to provide notice of the breach to affected individuals. This burden, however, can often be shifted to or shared by the service providers through the services contract between the entity and the service provider.

Cybersecurity strategies should be documented in policies and procedures that can be used later as a resource when responding to a security breach. Moreover, the security measures and the steps taken to remediate a security breach should both be documented for reference in the event that the breach results in litigation or administrative action.

If you have any questions regarding your cybersecurity strategy, please contact Jennifer Puplava at (616) 632-8050 or jpuplava@mikameyers.com.

 

See the latest from our firm.

Read All News
Client AlertMarch 26, 2024

Determining Whether to Keep the Family in the Family Cottage

Read Article
September 29, 2022

Is Your Commercial Lease Recession-Proof?

Read Article
Business CounselorSeptember 24, 2021

OSHA’s Pending Vaccination Rule: What Employers Need to Know About President Biden’s Planned Vaccination Mandate

Read Article
Business CounselorSeptember 24, 2021

COVID-19 Vaccines Demand Attention From Employers

Read Article
Business CounselorSeptember 24, 2021

Employer Vaccine Mandates Raise Legal Issues

Read Article
Business CounselorSeptember 23, 2021

Legal Needs in the Gig Economy

Read Article
Business CounselorApril 14, 2020

MIOSHA Extends Emergency Rules for Another Six Months

Read Article
Business CounselorApril 1, 2021

The American Rescue Plan Act’s Changes To COBRA

Read Article
Business CounselorApril 1, 2020

The American Rescue Plan Act’s Changes to the FFCRA

Read Article
Business CounselorDecember 29, 2020

Additional Relief Coming for Michigan Businesses With Approval of State Relief Package

Read Article

Let’s start a partnership worth keeping.

Schedule A Consultation