A data protection breach can be the result of you failing to uphold the principles of the Data Protection Act, or it can be the result of a cybercrime, such as hacking, which puts data at risk.
Target of data breach:
- PII – Personally Identifiable Information. This includes data such as social security numbers, contact information, birth dates, education and other personal information.
- Financial Information. This includes charge card numbers and expiry dates, bank accounts, investment details and similar data.
- Health Information. This includes details on health conditions, prescription drugs, treatments and medical records.
- Intellectual Property. This includes product drawings and manuals, specifications, scientific formulas, marketing texts and symbols, proprietary software and other material that the business has developed.
- Competition Information. This includes data on competitors, market studies, pricing information and business plans.
- Legal Information. This includes documentation on court cases the company may be pursuing, legal opinions on business practices, merger and acquisition details and regulatory rulings.
- IT Security Data. This includes lists of user names and passwords, encryption keys, security strategies and network structure
Reporting and contacting affected parties
If your business has been the victim of a data breach, it’s important that you report it to the relevant authorities.
You should also contact the people whose data has been affected. This could be a case of contacting individual parties, or providing advice to all your users, or customers, about how to re-secure their data as a result of the breach.
This could be a simple change of password. Also, consider sending warnings about phishing scams and explain what information may have been accessed. Even if nothing has been taken, it’s often worthwhile reassuring people that their data is safe and steps are being taken to make it more secure.
Data breaches involving the type of data that can severely impact the reputation and business situation of a company. In addition to contractual obligations that may be impacted, the planned sale of a company could be put in question by a data breach.
If your competitors become familiar with your business strategies and are able to market products similar to yours at a lower price, your business might not survive.
Solution to data protection breach
While you can keep your perimeter security and other protective measures in place, what you need in addition, is a data-centric solution that allows you to tightly control who can read specific files and data sets. Encryption offers this kind of control, but it has to be the right kind of encryption. If a specific file or email is encrypted properly, you can control who can read it at all times. Even if there is a data breach of your IT system and unauthorized individuals gain access to the data, they will not be able to read it and a data breach with respect to that data is avoided. Such an application can reduce your data breach risks to acceptable levels and protect your business from ruinously high data breach costs.