Click this Link for the full article published in MD News Cleveland/Akron/Canton Edition, July/August 2018
Data Breaches & the Importance of the Data Breach Response Playbook
As a continuation of our cybersecurity compliance series, I share the top five elements of a data breach response playbook. Discovering that you have been subject to a data breach naturally lends itself to panic, chaos and confusion. But it doesn’t have to. If you plan for a data breach in advance through the creation of a playbook, you can significantly minimize the risk of missing an important step in the investigation, response, and mitigation of the breach.
1. Recovery and Mitigation Process: Outline the systems, people, and processes that will serve to detect, stop the intrusion into your systems, and recover your data with minimal disruption to your business.
2. Define who and what functions serve on the response team: Hint, the list should not be limited to your information technology team! You may need external resources as well, including media relations, legal counsel, and forensic investigators. Have these resources defined in advance and informed of your cybersecurity practices.
3. Internal Communications Plan: How will you ensure that all resources on the response team are timely notified?
4. External Communications Plan: Communication to your clients, patients, media, and regulators should follow a format and plan created in advance. A poorly executed notice to the outside world can damage your reputation, goodwill and trust.
5. Process Improvement: Once you have invested the time in creating the playbook, do not throw it in a drawer or leave it on a shelf to collect dust! Train, communicate, and look for ways to improve the plan on a regular basis. It’s tempting to download a form playbook from the internet and fill in your company name at the top of the page. Resist this. The playbook needs to be customized for your business to be effective.
NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.
Allison E. Cole is an attorney with the law firm of Krugliak, Wilkins, Griffiths & Dougherty Co., L.P.A. in Canton, Ohio.