Data breaches are one of the most serious issues affecting organizations today. Security breaches can occur due to theft, a purposeful attack on the company’s document management system, unauthorized access and use of personnel data by a member of the staff, accidental loss, or equipment failure.
Hackers usually get away with customers’ credit and debit-card records, badly damaging the organization’s reputation and profits. Names, phone numbers, email and mailing addresses are usually targeted.
Handling a Customer Data Breach
The Better Business Bureau, the nonprofit organization in the U.S. that focuses on building trust in the marketplace, offers the following advice to help organizations handle data breaches:
- Publish a Data Breach Notification Policy: The company is responsible for informing customers about the data breach by creating and publishing a data breach notification policy. This can be done quickly and affordably via email or publication. Before sending notifications, the firm should seek legal advice on the notification delivery method, as it differs among states.
- Train Employees to Identify Data Breaches: Company employees should be given training on how to identify a potential customer data breach and the ways to report it. This can be done by:
  - Creating awareness of what constitutes a data breach (for example: inadvertently sending information to the wrong person via mail or email)
  - Instructing them to report any event where personal information is accessed, acquired by, or shared with an unauthorized person
  - Creating provisions for confidential reporting of a data breach
- Immediately Collect the Facts of a Potential Breach: The company should investigate the facts surrounding the data breach. The investigation should analyze facts such as:
  - Whether the data was in digital format or in paper-based format
  - If in digital format, whether it was encrypted
  - The number of victims of the data breach
  - The state and country of residence of the affected people and the languages they speak
  - Who acquired the data
  - Whether the data is susceptible to misuse

  The company should also identify whether the hacked data includes customer names and/or addresses, financial account or payment card numbers, birth dates, Social Security numbers, and any other information that could be linked to specific consumers.
- Notify Financial Institutions Regarding the Data Breach: If the data breach includes hacking of financial information such as payment card numbers, the financial institution that manages the payment card processing should be contacted.
- Seek the Services of an Attorney: Once the data breach is confirmed, the company should seek the assistance of an attorney to identify the laws that might be involved, and whether the company should alert consumers or the government about the incident.
The security of document and data management is becoming a top concern for companies, especially for those in data-driven businesses such as finance and retail. A recent report says that analysts expect businesses across the world to spend a total of $30 billion on cybersecurity in 2014.
Using a secure electronic document management system with proper user authentication can help minimize data breach risks and ensure that sensitive information is accessible only to authorized users. The use of redaction tools can block sensitive information from unauthorized viewing. Document scanning, microfiche scanning and microfilm scanning can convert records into secure electronic files. If these services are outsourced, the organization should take care to choose a document scanning company that uses encryption for data transmission and data-protected computer systems that can protect classified information.