It’s not a matter of if your company will face a data breach, it’s when; and state officials say you need to be ready with a plan.
State consumer protection administrator Lara Sutherlin says responsibly handling a data breach requires two main parts.
“Make sure you’re doing everything you can to shut down further information from being released from your business, and that the people that may have been exposed are quickly notified and can act on that information.”
Sutherlin says part of any response to a data breach needs to be disclosure to consumer protection agencies.
“DATCP can always help people who’ve been exposed to a data breach, the FTC can help, regulators can be a partner in trying to figure out what happened.”
Sutherlin says trying to hide a data breach will only work for a short time before someone notices what’s happened, and then not only will you have egg on your face, you could face penalties for concealing a loss of information.