The quicker a company can identify and contain a data breach, the easier it is to limit its financial damage. Achieving that rapid response depends on prior planning and practice. This article lists five steps to follow in the 24 hours after a breach, beginning with evaluating the situation and assigning tasks to your team.
IT executives need to stay up to date on the status of data-breach notification laws, David Geer writes. "When you have an incident that affects consumers throughout the country, you have to craft a response that complies with all the state laws, which is a challenge. It's even impossible where there's an outright contradiction between two different laws," lawyer Kristen Mathews says.
California lawmakers have mapped out what companies must disclose to customers following a data-breach incident. Enterprises must provide specifics on the type of data lost or stolen and on what exactly took place, and must provide the information in a timely manner.
Sony said Monday that the data breach that exposed the private accounts of an estimated 77 million PlayStation Network and Qriocity users in April is worse than previously thought: the company discovered that hackers also gained access to the personal data of nearly 25 million Sony Online Entertainment subscribers.
The Senate Judiciary Committee voted to advance two bills this week that would require agencies and businesses to inform victims and authorities about data breaches. Supporters of the Personal Data Privacy and Security Act and the Data Breach Notification Act said the laws will enhance security for consumers while clarifying rules for companies that must comply with multiple states' laws.