If your business has experienced a data breach, it is essential that you respond quickly and efficiently. Pennsylvania’s Breach of Personal Information Act of 2005 outlines a company’s responsibility to protect consumers’ information and to inform those affected in case of a breach. You are legally required to take certain actions to mitigate the damage and show transparency to the public.
Keep in mind that a data breach does not have to sink your business. Many companies have survived information leaks by remaining calm and professional during this stressful time. Because of this, it’s a good idea to designate a task force devoted specifically to cleaning up after a breach.
Without unreasonable delay
While the Act does not dictate a strict timeline to announce a data leak, it warns against “unreasonable delay.” This may appear to give companies leeway in how quickly they must respond, but it is essential to immediately stop the leak, remedy what you can, and send out notice as soon as reasonably possible. Businesses that do not take seriously their responsibility to protect their customers’ information and to follow the guidelines in the Act may be in violation of federal and state law.
Means of communication
State law allows multiple means of announcement to the public. You can inform affected consumers by mail to their last known mailing address, by telephone, or by email. In some cases, you may also have to post notifications online or in the news for hard-to-reach consumers.
Businesses are responsible for checking for any consumer data posted online and taking action to remove it. The more quickly a company acts, the more likely it will be able to mitigate further damage.