FTC Releases New Guide for Responding to a Data Breach

The Federal Trade Commission (FTC) in September 2016 released new guidance that provides businesses with a step-by-step process for addressing and responding to data breaches, such as how to secure areas of operation, how to fix communication or technical vulnerabilities, and whom to contact in the event of a breach. The guide suggests consulting legal counsel and assembling a forensics team to identify the source and contain the breach, then contacting appropriate agencies such as law enforcement and affected businesses or individuals. For breaches of electronic protected health information, the guide lists the HIPAA breach notification rule and the forum for reporting, as well as FTC's compliance guide to ensure federal regulations are followed.