A small business must respond quickly if sensitive customer information is lost or stolen. Among other things, you may need to notify the affected customers and state and/or federal regulators. This process will run more smoothly if you have taken steps to prepare in advance of a data breach by creating and publishing your breach notification policy, and by ensuring that your employees are trained to identify and report potential breaches soon after they occur.
- Create a data breach notification policy.
A data breach notification policy tells consumers how your small business will notify its customers if a data breach occurs.
- Train your employees to identify breaches.
Employees need to know how to spot a potential breach and how to report this type of event.
- Immediately gather the facts of a potential breach.
- Notify financial institutions.
If financial information, such as payment card numbers, was compromised, contact the bank or company that manages your payment card processing.
- Seek outside counsel.
Seek an attorney's assistance as soon as you become aware of an incident that might constitute a data security breach. Your attorney can help you identify which laws might be involved, and whether you need to alert consumers or the government to the incident.
- Notify affected customers.
Notify customers in the manner you said you would in your Data Security Policy.