Best Practices: Preventing, Mitigating, and Responding to a Data Breach
Over the next three weeks, Community Merchants USA will be posting a series of articles from Brandie N. Weddle and Laura J. Butte of Arnold & Porter LLP on preventing, mitigating, and responding to a data breach.
Following the recent spate of data breaches, including at Target, Neiman Marcus, and the University of Maryland, to name a few, federal and state legislatures have renewed their efforts to enact legislation to protect sensitive personal and account data. Currently, there exists a large patchwork of legislation that requires businesses to provide reasonable security for sensitive information and to notify consumers of a data breach. In addition to the legal framework, businesses that accept any of the major payment cards are contractually obligated to comply with the industry best-practice standard.
Businesses and organizations of all stripes, from small brick-and-mortar retailers to multinational distributors, acquire and maintain archives of sensitive data and should have a plan in place to prevent, mitigate, and respond to a data breach. In part because of the wide net cast by criminals and the patchwork of governing legislation, there is no one-size-fits-all approach to drafting a data protection plan. However, it remains incumbent upon businesses to know their business and to take steps, in line with business needs and the level of risk, to protect sensitive data.
The following three components are necessary to any effective data protection plan and can be scaled down or up for implementation in any type of business:
- Preventing a data breach
- Mitigating damage from a data breach
- Responding to a data breach