Unfortunately, your business is never 100% protected from data breach crimes, so it’s important to be prepared to respond if you should become a victim. In the event of a data breach, businesses must comply with data breach notification laws. Although data breach notification laws vary by jurisdiction, generally businesses must notify consumers whose personal information has been compromised by a security breach.
Who is required to give notice?
The law applies to data collectors. This includes government agencies, public and private universities, privately and publicly held corporations, financial institutions, retail operators and any other entity that handles, collects and deals with non-public information. As a business handling Personally Identifiable Information (PII), you must give notice.
When must notice be given?
As soon as the owner or collector of the personal information discovers a security breach of their system, the notification must be made in the most expedient time possible and without unreasonable delay. This should be consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity, security and confidentiality of the system.
What notice must be given?
The notice of the breach must include, but is not limited to:
- The toll-free numbers and addresses for consumer reporting agencies
- The toll-free number, address, and website address for the Federal Trade Commission
- A statement that the affected individual can obtain information from these sources about fraud alerts and security freezes
How must notice be delivered?
Notice of an unauthorized acquisition of personal information must be given to the affected individual by at least one of the following methods:
- Written notice
- Electronic notice
- Any other reasonable notification system maintained by the data collector as part of its information security policy (as long as it is made as soon as possible)
- If the cost of providing notice exceeds $250,000 or if the number of people needing to be notified exceeds 500,000, substitute notice may be allowed by:
  - Email notice if available
  - Conspicuous posting of the notice on the disclosing entity’s web page, and
  - Notification to major statewide media
Are you covered? Society’s comprehensive cyber liability insurance provides data security and privacy coverage, expert claims handling, and data breach response services. Contact your local Society agent to discuss this extra layer of protection for your business.