Post-Data Breach Notifications and Disclosures. | International Business, Trade and Taxation

You are a business that holds the personal information of employees and customers and the worst has been released: there has been a data breach.

Depending on where your business, employees and customers are located, there are different requirements on how to handle such a breach.

For those jurisdictions that have laws governing this area, there will be notice and disclosure requirements.

But what happens if the breach goes unnoticed? How can your business be sure that they are keenly aware of all data breaches? Many data breaches aren’t even discovered for months. Are all data breaches created equally? What sort of breach must be reported? We hope this posting will clear up some of the questions that your business may have regarding data breaches and required action if not put your business on the right track to data security.

There are ways in which companies can monitor if breaches have happened or if any strange behaviours are happening that would suggest that they have been hacked. Still, sixty-two percent of breaches take months to be discovered.

Almost every state has requirements that in at least some cases, data breaches, once discovered, be subjected to a risk of harm analysis and parties and the Attorney General be notified. Some industries require that there be notifications made. Some suggest that all data breaches should be paired with a notification and some press about what the company is going to do in the future to prevent such events from happening.

It is important to know what the standards are for not only the jurisdiction your business is located in but the jurisdictions for every person’s data that you hold, as residency of the person’s data is the standard that must be followed to meet the standards of most state laws in addition to the industry standards.

If you have more questions about data breaches and notification and disclosure requirements more specific to your business or jurisdiction then please don’t hesitate to contact us for more personalised information. Even questions about how to get started are welcomed.

We also can suggest purchasing a copy of our e-book, Data Privacy: A Practical Guide, available at: http://intersticeconsulting.com/ibtt/tradeandtaxation/data-privacy/.