Almost every client with Richards Rodriguez & Skeith, LLP collects sensitive information about their customers. For a lot of business owners, one of their worst nightmares is waking up and finding out that their customer data has been breached. We often phone calls from Texas business owners who are seeking an answer to a single question after a data breach: what now?
For Texas Businesses, the ‘what happens now’ really depends on the Texas Identity Theft Enforcement and Protection Act. This may sound like a mouthful, but this Texas statute tells business owners what they need to do if their system has been breached and your customers’ information has been stolen.
The first question that a Texas business should be looking at is the type of information that was stolen and determine whether that information counts as sensitive, private information for purposes of the act.
As a business owner, once you’ve determined that sensitive, private information of your customers has been stolen – what do you do then? Firstly, the act requires you to notify each one of your customers who had sensitive, private information stolen. Business owners should try to notify the customers as soon as possible and when practical.
In a nightmare-like scenario when you’ve had over 10,000 customers’ information stolen, not only do you have to contact each and every one of those customers, but you also have to notify each of the national credit bureaus. What we advise our clients is the best way to deal with a data breach is to be prepared beforehand. Here’s what Texas business owners can do to prepare in the event of a data breach:
Have a well-prepared plan in place
Firstly, have a written data-breach plan where you and everyone in your organization know what to do after a breach of sensitive, private information. This plan should include who to contact, who in your organization will be contacting those affected, and who has the credit reporting information. All of these things will need to be put into place as soon as possible following a data breach.
Encrypt as much data as possible
The second thing you’ll want to do before a data breach occurs is to encrypt as much data as possible. Encryption does provide a level of protection for business owners if the information is stolen. If a business owner encrypts information, but the encryption keys are not stolen – the business must take full responsibility for the data breach and it is not covered under the Identity Theft Enforcement and Protection Act.
Research the cost and availability of data theft insurance
Another step we recommend to business owners to prepare ahead of a data breach is to look into the cost and availability of data theft insurance. This insurance can provide a source of funds so that businesses can take all the necessary steps after a data breach occurs, without jeopardizing their own business cost and expenses. This provides businesses a cushion to do what is needed, without having business owners worry about a single data breach putting them out of business.