MDNews - Cleveland-Akron-Canton

July/August 2018

Issue link: http://viewer.e-digitaledition.com/i/1018487

Contents of this Issue

Navigation

Page 17 of 23

OUR FOURTH ARTICLE on cybersecurity will brief ly discuss prepa ring for a nd responding to data breach. W hile it is impossible to deta il a ll of t he Federa l, state, a nd internationa l laws that regulate organizations' obliga- tions w it h respect to data breaches, it i s i mp or t a nt t o u nder s t a nd t h a t orga n i zat ion s mu s t fol low t he laws in the state where their customers or employees are located, not simply where the orga nization is located. If you a re a hea lt h ca re orga nization ha nd ling persona l hea lth information, you may a lready be aware that there are specif ic privacy a nd breach response laws a nd reg u lations. A l most ever y st ate ha s data breach notif ication laws that set out requ i rement s to properly noti f y affected individua ls as well as the state agency responsible for administering a nd en forci n g t he law, t y pica l ly t he state's Attorney Genera l. It is necessary for organizations to plan in advance for a data breach by creating a data breach playbook, which identifies the individua ls and functiona l exper- tise necessary to investigate, respond, and manage the data breach response process. Indiv idua ls w it h ex per tise i n I n for m at ion Te ch nolog y, L e ga l , Insurance, Finance, Communications, a n d Hu m a n R e s o u r c e s s h o u l d b e members of the breach response team, whether sta°ed interna lly within your orga nization or ex terna l ly "on ca l l." Assembling the team for the first time after a breach occurs will result in chaos, unnecessary delay, and disjointed e°orts to mitigate and resolve the breach, which can have lasting financia l and reputa- tional e°ects on your organization, your customers, and employees. T h e r e i s n o o n e s i z e f i t s a l l d a t a breach playbook. However, there a re best practices that organizations should keep in mind. Reg ula rly reviewing the playbook with the breach response team a long with conducting lega l, operationa l a nd technolog y reviews to ensure that the playbook addresses current lega l a nd technica l risks in relation to cur- rent business practices should be pa r t of you r or ga n i z a t ion's pr iv a c y a nd cybersecurit y complia nce pla n. In our nex t a r ticle, we w i ll discuss interna l communications a nd tra in- i n g — p u t t i n g y o u r c y b e r s e c u r i t y complia nce pla n into action. NOTE: This genera l summa r y of the law shou ld not be used to solve indi- vidua l problems since slight changes in the fact situation may require a materia l va ria nce in the applicable lega l advice. Allison Cole is an attorney with the law firm of Krugliak, Wilkins, Gri‹ths & Dougherty Co., LPA, in Canton, OH. ■ Data Breaches & the Importance of the Data Breach Response Playbook BY ALLISON E. COLE, ESQ. 1 8❱❱❱❱❱ L E G A L— E A S E

Articles in this issue

Archives of this issue

view archives of MDNews - Cleveland-Akron-Canton - July/August 2018