What to do after a data breach, and how to avoid lawsuits

As any company that deals with sensitive customer information knows, the threat of a data breach is an ongoing concern. Companies often combat this threat with sophisticated security software designed to protect personal and financial data.

While prevention is important, it is also important to have a protocol in place for the immediate actions to take in the event of a data breach. This should include steps your company can take to potentially avoid data breach lawsuits from consumers.

A data breach has occurred - now what?

The IRS has a webpage that contains basic steps to follow after a data breach, which include contacting:

  • IRS and law enforcement - Report client data theft to your local IRS Stakeholder Liaison. Contact your local FBI office and file a police report with local police.
  • Each state where you prepare tax returns - Report the incident to tax agencies and to the office of the attorney general for each state where your company pays taxes.
  • Your insurance company - Report the breach and see if your policy covers data breach mitigation expenses.
  • Your customers/consumers - Send individual letters to those whose personal or financial data has been compromised. Include former clients who are still in your system.

What can be done to prevent data breach lawsuits?

How a company handles a customer data breach can be vital to avoiding litigation. Although it sometimes can be difficult to avoid lawsuits, below are five steps that can help.

  1. Run data breach simulations - Perform breach scenarios to help executives prepare for a cyber attack, know who performs each role and respond quickly in an actual emergency.
  2. Carefully examine third-party vendors - Often data breaches can occur due to poor cyber security at outside vendors.
  3. Be mindful of what you say - Watch what company representatives say in public after a data breach; it could be used against you in court.
  4. Know the law - speak up quickly - Many states, including Florida, have laws requiring companies to inform customers of a data breach, and to do so in a timely fashion.
  5. Offer credit monitoring services to customers - In the wake of a data breach, provide customers with services that can monitor credit and search for identity theft.