• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT News - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe
 

You are here:

  • Home
  • Big data analytics News
  • What to do next if you suffer a data breach

What to do next if you suffer a data breach

18 August, 2017 at 10:59 AM

Posted by: George Malim

What to do next if you suffer a data breach
Emma Roe, Shulmans LLP

Any type of data breach, whether due to an external hacking incident or an internal staff error, is a significant issue that needs immediate attention, writes Emma Roe, a partner and head of commercial at law firm Shulmans LLP. 

A key aspect of the legal requirements surrounding a data breach is to demonstrate that your business or organisation takes the issue very seriously and is proactively seeking to not only protect any individuals who may be affected, but is also taking active steps to improve systems and processes quickly to prevent a similar issue occurring again. Communications following a data breach, both internally and externally, need to be carefully managed to convey these key messages effectively. In the immediate aftermath of a breach the most important thing to establish, as quickly as possible, is exactly what data has been compromised and the number of individuals affected.

You need to focus on confirming exactly what has happened and how any risks created can be mitigated, prepare your statement and reassure your customers and employees that you are in control of the situation.  Knowing precisely what you are dealing with is key in the early stages to allow you to manage the next steps around communication.  Whilst it is important to act without delay, don’t feel that you need to rush to make available information about a data breach incident until you have been able to verify it. Internally, communications need to take a structured approach to support a swift investigation and establish exactly what data has been compromised and to what extent.

Under current laws in the UK there is no mandatory requirement to notify the regulator, the Information Commissioner’s Office (ICO), or the individuals affected. However changes to the data protection laws, which will come into effect within the next 12 months, will require any business that experiences a data breach to report it to the ICO within 72 hours of becoming aware of it, and then to notify affected individuals if the breach is likely to impact on their rights and/or freedoms. In turn, this will mean that having a rapid response approach to breaches will become even more critical in the near future.

Once you’ve determined which legal requirements you are required to fulfil regarding notifying the ICO and affected individuals, and whilst ensuring you are not disclosing any confidential information, key messages to be relayed publicly should be kept short and aim to include:

  • any reassurances you can give regarding how serious the breach is
  • general information you can give about what type of data is affected
  • advice to individuals on how to prevent identity fraud which could occur as a result of using the information which may have been compromised

This information should only be issued in a manner which does not impact on any ongoing investigation into the incident itself or any attempts to further protect systems and data following the breach.  However, if you are able to confirm that no payment related data, or medical or health related data is involved, this can be a useful message to begin reassuring the public.

You should also provide information regarding the communication that the affected individuals can expect from your business following the breach.  Where possible, share security assurances such as confirming that you won’t be contacting any of your employees or customers via email or phone asking for passwords or account details in the coming weeks.  This will provide reassurance to your community; it shows that you care about their individual safety and that you are working towards a solution.  If personal passwords have been compromised, sharing details of how users can change their passwords is also a good place to start.

Finally, it’s worth bearing in mind that it’s not just the breach that needs your attention during the immediate incident response phase, but also the channels of communication you use to contact the affected individuals to educate and inform them about the situation.  It’s important to think about how best you can ensure that any messages surrounding the data breach efficiently reach those who may be affected.  In addition to a press statement, you should also consider issuing information to your customers and employees either via an email newsletter, by post, or even a banner and news article on your website homepage.  This will ensure that the message reaches anyone affected as quickly and as transparently as possible.

 


category: News, News, Risk & Compliance, Security

Tags: breach, Data Security, hacking, ICO, Information Commissioner’s Office, notification

VanillaPlus Q3 Magazine
 

VanillaPlus Magazine Issue 1 2022: Why IT must catch up with OT to enable 5G monetisation

Is creativity a bridge too far for CSPs? As communications service providers (CSPs) engage in new digital value chains, collaborate with partners and participate in multi-directional business models, George Malim shares a tale of two bridges

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2022 VanillaPlus - The global voice for telecoms IT. All rights reserved.