Legislation Changes in New Jersey
According to Privacy-rights.org, over 864 million personal records have been breached in the U.S. since 2005. That number is sure to increase. In New Jersey, legislative action is being taken, with an expansion in the types of data breaches that local businesses are required to disclose.
Just last week, a New Jersey state Assembly panel cleared a bill that says businesses and public entities must notify consumers of breaches involving usernames and email addresses, in combination with a password or security question-and-answer. The current law, similar to Pennsylvania’s, says disclosure is only necessary if there’s a breach involving consumers’ first name or initial and last name, along with Social Security numbers or credit card numbers, in combination with any required security code, access code or password.
For residents of New Jersey, Vernick said it’s a good thing. But for businesses, “it may not be as welcomed…because this obviously extends the scope of what they need to do.” Plus, it can be pricey.
These days, it’s not a matter of if your company is breached, but when. While it’s important to take the steps necessary to prevent a breach, preparing for an actual breach is also critical. What do you do when your company has had a breach?
What do you do when your company has been breached?
Every company should have an incident response plan. With that plan, it is important to contact a competent privacy and security attorney, someone who has experience with data breach cases, not just a general practice attorney. An experienced attorney can help evaluate the scale of the breach and the legal issues involved and advise you on your next steps.
There may also be regulatory liability, as well as liability from third-party claims, so the company suffering the breach should notify its insurer as soon as possible. There are insurance programs that can provide services, but these insurance programs should be in place before the data breach occurs. Do not wait until after the breach. Contact your insurance agent to learn more about cyber insurance before you are in a bad situation.
After a breach occurs, the company needs to go public with the information. Before going public, it is recommended that the company is prepared and can answer these questions:
- What happened?
- Why did it happen?
- What is your company doing to prevent it from occurring again?
- What does this breach mean to my customer?
In addition, the company should take the following steps:
- Make good on any promises, such as providing credit monitoring for a specific period
- Reinforce your security practices and retrain employees on proper procedures
- Demonstrate to the public and your constituents that the company has taken affirmative actions and has learned from the experience
- Take steps to prevent it from happening again
Ways to avoid a data breach
- Encrypt your devices
- Keep patches up to date
- Use complex passwords
- Watch for phishing
- Make sure you are sending emails to the right person
Contact LG Insurance Agency in Long Branch, NJ to learn more about cyber insurance and protecting your business.