McGowanPRO Professional Liability Blog / Resources / Articles

What to do if you have a Data Breach

Posted by Tom Henell on Sat, Nov 27, 2010 @ 10:08 AM

Personal information (social security numbers, credit card numbers, bank account numbers, even name and address) has become a leading target of cyber criminals.  With your client's personal information in your possession, understanding your state privacy laws and having a timely response plan is essential.

So, what do you do if you have a Data Breach and some of your client’s personal information is compromised?

First, review your State Security Breach Notification Laws.  At this time, all but four states (Alabama, Kentucky, New Mexico, and South Dakota) have enacted Data Breach Notification Laws. 

See State Security Breach Notification Laws (http://www.naplia.com/resources/state_security_breach_laws.shtml)

Second, determine who should be notified:

  • Law Enforcement
    • When the compromise could cause harm to a person or business, you should first contact your local police department.
  • Your Insurance Carrier
    • Your insurance policies likely state that if you are aware of circumstances that could potentially lead to a claim you must notify them at your earliest convenience.  When in doubt, contact NAPLIA for assistance.
  • Affected Businesses
    • The compromise may impact businesses other than yours, including banks or credit issuers.
  • Individuals
    • Early notification to individuals whose personal information has been compromised allows them to take steps to mitigate the misuse of their information.

The FTC has excellent resources to assist you in making these determinations and in “Dealing with a Data Breach”: http://www.ftc.gov/bcp/edu/microsites/idtheft/business/data-breach.html

For more information, including a sample client notification letter, visit our website: http://www.naplia.com/resources/identity_breach.shtml