No business, large or small, is immune to a data breach—and they can be costly. According to the Ponemon Institute’s Cost of a Data Breach Survey, the average per record cost of a data breach was £79 in 2011, and the average organisational cost was £1.75 million.
A data breach is an incident where personal information is accessed and/or stolen by an unauthorised individual. Personal information includes, but is not limited to, national insurance numbers, credit card information, payroll information, medical information, and business and employer identification numbers.
Under the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and subsequent amendments, organisations must follow certain requirements concerning data protection. A breach or a suspected breach must be immediately investigated, and breach management plans should include the following:
- Containment and recovery. Establish procedures to isolate the breach and limit the damage. Consider whether any of the breached data or equipment can be recovered.
- Risk assessment. Perform a risk assessment that rates the amount of the lost information and its sensitivity, the likelihood that the information is useable, the likelihood that it was intentionally targeted and your ability to mitigate the risk of harm.
- Notification. You have a responsibility to notify individuals, the Information Commissioner’s Office (ICO) and/or the appropriate regulatory body for your organisation. Notification should include the type of data accessed and the circumstances of the breach.
- Evaluation and response. It is important that you investigate the cause of the breach and the effectiveness of your response. Review your existing policies and procedures to determine where improvements can be made.
For more information on how to respond to a data breach, visit the ICO website at www.ico.gov.uk.
Contact ProAktive today for resources to support your cyber security efforts. We can help you protect your business and prevent future data breaches.
By Sam Leeder