Cadden & Fuller LLP Cadden & Fuller LLP

A Client-Focused Approach to Business and Real Estate Law

Responding with control during a data breach

On Behalf of | Oct 9, 2019 | Business Transactions |

All companies in California maintain some type of data that is used for the development, operation and support of their organization. Often, a majority of a company’s data is confidential and has to be securely stored to prevent it from getting into the wrong hands. This is especially the case if a company collects and records information about its customers. Appropriate implementation of thorough protocols for securing and accessing information is critical to a company’s ability to protect its most important data.

According to the Federal Trade Commission, two protective measures that businesses can utilize in keeping their data secure include requiring data users to authenticate their identity with multiple different factors. For example, once they input a secure password, they may be required to input a specialized code or username that is exclusive to their department or position within the company. Another consideration is for companies to encrypt their devices to make deciphering data not as readily accessible to just anyone. Encryption should not be limited to devices, but should also be applied to any type of cloud storage, external hard drives or backup discs.

All sensitive data should be backed up in more than one location to provide security in the event an outage or breach end up compromising the integrity of the primary storage system. People who are allowed to have access to confidential information should be required to undergo specialized training designed to help them understand the importance of protecting sensitive information and how to handle situations where they believe such data may have been compromised.

The Federal Trade Commission also suggests that if a data breach does occur, that a team of forensic experts is immediately recruited by the company to take the lead on investigations into how the breach occurred and what could have been done to prevent it altogether. All physical and virtual passageways to data accessibility should be promptly blocked and any false information that was released should be clarified. Companies should immediately modify their authorization credentials to prevent hackers from being able to access the information again.