The Federal Trade Commission has released a free, comprehensive data breach guide for businesses.*
*Download here: https://www.ftc.gov/system/files/documents/plain-language/pdf-0154_data-breach-response-guide-for-business.pdf
The Commission breaks breach response down into a three-step process: secure your operations, fix vulnerabilities, and notify the appropriate parties.
Each step includes sub-tasks, such as bringing in forensic experts to identify the vulnerabilities in your systems that made the breach possible.
It’s a good idea to add an analysis of your business data protection policies to your regular year-end review process.
Begin with a review of policies and procedures for employees who handle sensitive customer information and make sure employees are well-trained to follow your procedures for data protection.
Next, review your policies for safe internet and email use, and make sure all of your employees are trained to follow basic internet and email safety practices.
For more guidance, check out https://staysafeonline.org/business-safe-online/train-your-employees.
Take time to look at your network security as well.
What information is collected on your website? How is it protected, both in transit and where it is stored?
For more information see: https://www.ftc.gov/tips-advice/business-center/guidance/protecting-personal-information-guide-business.
Be sure to look at the state laws that apply to you.
Chapter 521 of the Texas Business and Commerce Code requires businesses to protect the personal information they collect from consumers. If your customer data is breached, in most cases you must notify the individuals whose data may have been compromised.
Failing to have procedures in place to protect consumer information, or failing to give the required notice after a breach, carries steep penalties.
The Texas Attorney General’s Office provides guidance for businesses here: https://texasattorneygeneral.gov/cpd/protecting-consumers-personal-data.