Hiscox: Business Data Breaches

January 26, 2012

Bermuda’s Hiscox yesterday [Jan. 25] advised companies to have resilient plans in place to deal with data breaches following the announcement of a new proposed European data protection law.

Matthew Norris, an e-risk and privacy expert at the Bermuda-headquartered international specialist insurer, said: “The data loss notification aspect of the new proposed law is part of a wider picture of increasing pressure on companies to be able to detect and respond to data breaches quickly.

“Some businesses have suffered high profile data losses in the past year and the speed and response in such cases is crucial in limiting the adverse effects of a breach.

“The proposed law directs that certain internet businesses need to contact regulators within 24 hours after an attack, and data subjects “as soon as reasonably feasible” but it can be challenging for a company to be able to report on a complicated data breach within that time. Realistically many breaches will still be in the process of being forensically investigated at this stage, making it all the more essential to have an incident response plan agreed and in place.

“This means the business will be able to respond with as much detail as possible in as short a period as possible. This is especially important to minimise damage to the brand and avoid potential penalties.”

“It is essential for small and medium enterprise businesses to have a resilient incident response plan to minimise the damage in the case of a data breach. In preparation for a breach such a plan would include:

  • Nominate an individual who is responsible for swiftly initiating contact with the forensic company in the case of a breach
  • Determine when it is appropriate to involve a lawyer, for example to maintain legal advice and litigation privilege if the forensic report reveals adverse facts
  • Nominate a forensic company to work with in the case of a breach
  • Agreement with the forensic company on the type of instructions and contract it requires to start work
  • Agreement of the hourly rates from the forensic company as part of the contract.”

