As reported in the Privacy & Information Security Law blog, October 25, 2016, the Federal Trade Commission published a guide for companies on how to handle and respond to data breaches ("Guide"). The 16-page guide sets out the steps that companies should take when they become aware of a possible breach. The guide also emphasizes the need for cyber-specific insurance to offset potentially significant response costs.
The guide describes several steps that a company should take if it suspects or confirms that a data breach has occurred. These include securing operations, determining vulnerabilities, and notifying the appropriate parties. According to the guide, companies should consider "gathering a team of experts to carry out a major breach", including independent forensic investigators and external legal advisers.
The guide also stresses the importance of breach notification. Notification should be made to individuals, other relevant companies, regulators and law enforcement, taking into account all applicable breach laws and federal and state breach provisions (e.g., HIPAA's Breach Notification Rule or the Gramm-Leach-Bliley Act). The guide also highlights the need for appropriate notification, so that stakeholders can take action to protect their information as soon as possible, and provides a model breach letter.
Finally, the guide serves as another reminder for companies to ensure that their cyber security program includes both adequate security protections and appropriate insurance coverage, including first-party and third-party coverage. Failure to maintain either component may prevent an appropriate cyber response and limit or exclude coverage for the resulting cyber losses and costs.