Experts predict that the next wave of litigation against businesses may involve cybersecurity and the failure of businesses to implement pragmatic protections to avoid or minimize the theft or disclosure of private personal information (PPI) or confidential customer information. While insurance may be available to cover some of these losses, the risks to your business and its reputation could be substantial.
Nothing provides immunity from liability, but these steps could decrease liability, exposure or loss:
- Assess the data you collect, where it is stored and how it is used.
- Make educated decisions about what data to collect and/or retain.
- Understand how you use and share the data you collect and retain.
- Evaluate the locations where sensitive data is stored and its security.
- Restrict access to sensitive data to trusted employees and agents who need to know.
- Require secure authentication passwords for access with frequent changes.
- Routinely monitor your data storage and collection network for breaches or hacks.
- Know your vendors and service providers’ data protection policies and procedures.
- Have written privacy and data destruction policies tailored to your business.
- Communicate your policies to all appropriate people.
- Train employees to follow privacy policies and procedures.
- Provide where to direct complaints and have and have a plan to address with them.
- Ensure that security vendors are qualified to provide appropriate services.
- Regularly review your efforts and methods to protect information.
- Keep apprised of the legal requirements applicable to your business and its data.
- Stay current with government, industry and association standards and best practices.
- Know what your current insurance policies require and cover.
- Develop an incident response plan to address any breach.
The lawyers of Brooks, Tarulis & Tibble, LLC have addressed many of these issues for our clients and worked with other professionals who address them. If you have any questions or if we can assist you in this regard, please contact us.