The Federal Trade Commission (FTC) has just announced the release of Data Breach Response: A Guide for Business, a detailed guide on how to respond to various breach scenarios and whom to notify in the event of a breach.
Earlier this year, the FTC overturned the Administrative Law Judge's ruling in the FTC vs LabMD case, essentially reasserting its authority as the federal agency responsible for data security enforcement. The reversal allowed the FTC to enforce "reasonable" data security practices without evidence of harm. They have spent the interim months reinforcing this position, with the latest move being a joint statement with the Office for Civil Rights (OCR) reiterating that the FTC has independent authority over HIPAA-covered entities.
The new FTC Data Breach Response Guide further reinforces the FTC's position as the main federal regulator for data security practices. Through its education program, the FTC outlines that the exact steps in a breach response depend on the nature of the breach and the structure of your business, but that preparedness includes having a data breach response team and plan in place, allowing you to expedite breach response and minimize the damage.
Breach response will include quickly deploying your team of experts, which may include independent investigators, and stopping additional data loss without compromising the forensic investigation process. Once your operation is secure, the FTC offers several suggestions on how to fix vulnerabilities and how to determine the appropriate parties to be notified. The guide's notification section provides recommendations on data breach notification that may go above and beyond state notification requirements; detailed information and quick response are key to helping to minimize the damage of a data breach.
The ability to quickly respond to and to contain a security incident is key to preventing a security incident from becoming a full-scale data breach or, in the case of a breach, mitigating the costs associated with a lengthy containment and response.
Using Absolute DDS, you can instantly determine the potential (or existing) conditions that could compromise your ability to comply with corporate and government regulations, giving you insight into your deployment and data before a data breach occurs. With automated alerts that fire when device or user behavior shifts, you can continuously monitor your encryption status and your SCCM status, set risk triggers, and monitor sensitive data, no matter where it is. With a persistent connection to each device, you can assess risk and apply remote security measures so you can protect each endpoint and the sensitive data it contains - and prove it, with a full audit report.