Breach Notification Counseling
You’ve Been Breached. Do You Notify?
When an organization has been breached, or had a significant failure of security controls, the organization must determine if there is an obligation to notify customers, partners, the authorities, and/or the public in general.
In the event of a data breach, HALOCK can assist your organization in determining if and when notification is required.
Common scenarios that warrant some form of formal notification include:
- Personally Identifiable Information (PII) was lost on an unencrypted device or media
- PII was disposed in a such a way that makes it accessible to external parties
- Network forensics show data has been inappropriately extricated from your systems
- PII was accessible to systems that were breached despite the lack of reliable evidence of access to PII
- PII was accessible to a system account that has been compromised despite the lack of reliable evidence of access to PII
- PII was accessible to a user account that has been compromised despite the lack of reliable evidence of access to PII
If you have experienced any of the above scenarios, or similar, you may have legal, regulatory, or contractual obligations to notify. Contact HALOCK today to discuss what your obligations are and how HALOCK can be of assistance.