How Can We Prepare For And Respond To A Data Breach Of My Company?
If you have information online on consumers, it’s a question of when and not a question of if there will be a data breach. Good security measures, like firewalls, passwords, and employees who have been trained to recognize phishing emails and malicious software, can help prevent it. If it happens, the company is not going to be held liable simply because there was a breach. The question is going to be whether you responded appropriately to it as quickly as possible and gave notice to your customers. This is why it’s important to have a written data breach policy.
The policy would include who in the company is the first responder. This person is going to be the spokesperson for the company and decide whether or not you’re going to call law enforcement. It’s going to identify the law firms that you want to get involved. It is a good idea to have a law firm on retainer that you can call in the event of a data breach. The calls you make to your lawyer about what has happened become attorney-client privileged and can help protect you later, if an investigator wants to look into what your practices were and how you handled the breach.
If you were just sending a customer’s name and social security number in unencrypted text around the company, that’s probably not going to be seen as meeting reasonable standards. If you had safeguards in place and the breach happened anyway, and you responded as quickly as you could, complying with all of the breach notification laws, that will probably meet reasonable standards and avoid fines and bad press.
What Are The Penalties And Consequences Of Being Found Not Compliant With The GDPR?
The maximum fine under the GDPR is four percent of global revenue. If you are a major global company, that can be a pretty substantial number. The French data protection authority fined Google 50 million euros earlier this year. The complaint against Google was that its privacy policies were so hard to follow. Every product under Google had a different privacy notice. The French data protection authority said that they weren’t giving adequate notice to consumers.
We don’t know what the minimum fine is. There have been a number of fines issued, but we don’t have enough data yet to really be able to predict anything. It’s going to depend on which data protection authority you’re dealing with and which country you’re in.
For more information on Preparation And Response To A Data Breach, an initial consultation is your next best step. Get the information and legal answers you are seeking by calling (615) 802-9119 today.