The Firm Clients Call When
Winning is Everything

What to do after a data breach to avoid potential lawsuits

When a business deals with sensitive customer information, it is important to implement measures to avoid a data breach. Many companies employ a range of preventive measures, including thorough employee training and sophisticated security software.

While prevention is indeed a key component to fighting against the threat of a data breach, it is also vital to have protocol and procedures in place to employ if a data breach occurs.

Following a data breach, there are steps that should be followed. This includes contacting the following:

  • IRS and law enforcement – Report theft of client data to your local IRS Stakeholder Liaison. Contact your local FBI office and file a police report.
  • States where you prepare tax returns – Report the breach to tax agencies as well as the office of the attorney general in every state where your company pays taxes.
  • Insurance company – Report the breach to your business insurance carrier and ask if your policy covers data breach mitigation expenses.
  • Your customers/consumers – Send individual letters to everyone whose personal or financial information has been compromised, including former clients who are still in your system.

Additionally, the following are five steps that can help you avoid potential lawsuits:

  1. Perform data breach simulations to help employees prepare for a cyber attack, know who performs each role and respond quickly in an actual emergency.
  2. Carefully examine third-party vendors to ensure they have implemented proper cyber security.
  3. Be mindful of what company representatives say in public after a data breach, as it could be used against you in court.
  4. Inform customers of a data breach in a timely fashion.
  5. Offer credit monitoring services to customers to help them monitor credit and search for identity theft.