Why do I need to report a data breach?

This is a common question that business owners ask me all of the time. In response, I rattle off a laundry list of reasons why reporting is not optional — but mandatory. This includes ethical stewardship and obligations, business and public relationship reasons, and finally legal obligations that make it mandatory.

Some still think I am just Chicken Little claiming the sky is falling, but so it goes as some people just can’t be helped.

Thanks to the FTC, I now have another reason to give them. It fits into the legal obligations requirement and, while most of us in this profession implicitly knew this all along, it never hurts when an agency like the FTC just comes right out and says it: The FTC said that it looks ‘favorably’ on firms that report a data breach.

“In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach,” said Mark Eichorn, the agency’s assistant director for privacy and identity protection.

There you go, simple enough? Yes, you must report the data breach. Period. End of story.

Read more via FTC looks ‘favorably’ on firms that report data breach | TheHill.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.
