Opinions expressed by Entrepreneur contributors are their own.
Key Takeaways If you experience a data loss incident today, you have only 72 hours to notify the authorities and the impacted users. You must also clarify what happened and what you’re doing to rectify it.
This means data breaches aren’t just an IT problem anymore. It’s now an all-hands-on-deck situation where legal, PR and leadership teams all need to get involved as well.
Quick recovery processes that allow for definitive impact assessment can serve as a competitive advantage. You gain customers’ trust and land in the good books of regulators.
Dealing with a data loss incident is no longer the exclusive purview of an IT team in an organization. To put the issue in context, if your organization encounters a data breach incident today, you have only 72 hours, not just to notify the authorities, but also to notify users who have been impacted. Additionally, you need to clarify what has happened and what you are doing to rectify the situation.
A data loss incident today becomes an all-hands-on-deck situation where legal, PR, IT and leadership teams all need to get involved. Now, if your organization has not adapted to this new normal, you are probably one incident away from a rude and costly wakeup call.
Related: Data Loss Could Destroy Your Company. These Best Practices Will Protect You.
The regulatory environment has witnessed a sea change
Over the last ten years or so, the regulatory environment related to data protection has shifted drastically. The European Union was one of the first of the blocks, rolling out the trailblazing GDPR act, which prescribes a strict no-nonsense rule mandating disclosure of any data loss incident to authorities within a 72-hour window.
Others, like CCPA and HIPAA, have followed suit, and suddenly, companies were looking at a staggering challenge where they needed to recover from a data loss incident and also simultaneously report the scope and related aspects to authorities. Compliance failures can lead to astronomical fines, up to 4% of global revenues in the case of GDPR. In the case of large corporations, such fines can run into several million dollars.
... continue reading