On October 25, 2016, the Federal Trade Commission (“FTC”) issued a guide and instructional video regarding how to respond to a data breach. Both the guide and video are available at this link, which also contains a summary by the FTC.
The FTC’s guidance is not binding, but it is important because it is likely to be used as a benchmark by other government agencies and by plaintiff’s lawyers who are trying to prove that a company acted negligently in responding to a data breach.
Among other things, the FTC’s guidance discusses:
- Securing a company’s operations in response to a data breach while not destroying forensic evidence;
- Fixing vulnerabilities; and
- Notifying appropriate parties.
- The FTC’s guidance helps show why companies should work proactively with attorneys to develop a game plan before a data breach occurs.