When your company’s data is leaked, you have to respond quickly. And on top of trying to put out fires, you have to satisfy reporting requirements. These requirements can come from many sources: GDPR, HIPAA, various state laws, etc.
Some jurisdictions give you very little time. For example, GDPR Article 33 only gives you 72 hours. HIPAA gives you 60 days. US state laws are mostly somewhere in between.
Your required response may vary depending on whether the leak is classified as a security incident, a privacy incident, or a data breach. Your response may also depend on the content of the data, such as whether PHI is involved.
We can help you assess the privacy implications of a data incident or breach, working with your legal team to determine how to proceed. This involves evaluating whether the data could be considered deidentified and give you an idea whether or how an attacker could use the data. We can also advise you on how to prevent privacy breaches in the future.
Call now to get started.
Trusted consultants to some of the world’s leading companies
