|By: David Cole
FMG is pleased to announce the availability of a new FMG Data Breach Toolkit. The toolkit consists of policy and form documents intended to provide your organization with everything it needs from a document standpoint to help prevent a data breach from occurring and respond effectively if one happens.
Included in the Toolkit are :
- Data Security Plan for maintaining the security of sensitive information that employees may access during their employment;
- Data Breach Response Plan with procedures to be followed in the event of a data breach, such as the creation of data breach response team, steps for identification and assessment of the breach, containment and recovery of the breach, and notification to affected individuals, employees, and the public; and
- Multiple form documents to be use during execution of the Data Breach Response Plan, including a data breach incident reporting form, data breach response checklist, chronology of events to document steps taken, chain of custody forms, and sample breach notification letters and website provisions.
- Access to our firm’s Cyber Emergency Response Team (see here).
Studies consistently have shown that organizations that implement these preventive policies are less vulnerable to attacks and save a lot money when responding to a breach. For instance, the 2015 Ponemon Cost of Data Breach Study, released in June, reported that that some of the best preventative and cost-reducing measures for any organization are to adopt a data breach response plan and train employees on it and on data security in general. As the report stated, “[t]he most profitable investments companies can make seem to be an incident response plan . . . employee training, [and] board-level involvement[.]” The Ponemon report found a per record cost of response in the United States of $217. However, implementing an incident response plan ahead of time dropped the per-record cost by $12.60, conducting employee training on information security practices reduced costs by $8 per record, and having board involvement in cyber security policy development lowered costs by $5.50 per record.
If you have been reading our blog (see here and here) or attending our seminars, then you know this issue has been a point of emphasis and concern for clients. It is essential that every organization not relegate data security and privacy to the IT department, but instead make it a “board room issue.” In addition, just like every organization should have an employee handbook that sets forth your personnel policies, every organization should have in place a data breach response plan that is part of your training to employees.
To discuss the toolkit for your organization, as well as training that is available for your workplace, please contact one of our Data Security, Privacy and Cyber Liability Practice Team attorneys:
David Cole - Partner in Charge (Atlanta office)
(770) 818-1287 (o)
(404) 805-6558 (c)
John Goselin - (Atlanta office)
Matt Foree - (Atlanta office)
(770) 818-4245 (o)
(678) 907-8139 (c)
Robyn Flegal - (Atlanta office)
(770) 818-1429 (o)
(678) 544-9734 (c)
Amy Bender - (Tampa office)
(770) 818-1421 (o)
(404) 664-0008 (c)
Agne Krutules - (Atlanta office)
(770) 303-8636 (o)
(404) 906-4744 (c)
Jonathan Romvary - (Philadelphia office)
(267) 758-6009 (o)
(609) 304-2883 (c)
Kacie Manisco - (San Francisco office)
(415) 689-1215 (o)
(909) 969-3757 (c)
Jeremy Rogers - (Tampa office)
(813) 367-2128 (o)
(813) 362-0353 (c)
Melissa Santalone - (Tampa office)
(813) 975-7236 (o)