How do you respond to a breach of customer data? If you operate an ecommerce store, you need to know. Revision Legal partner John DiGiacomo has published another article on Practical Ecommerce: How to Respond to a Breach of Customer Data.
Data breaches seem to be the norm these days, whether they are at Yahoo, Home Depot, or, more recently, Michigan State University. And ecommerce merchants are not immune. My firm has recently handled data breach responses for small ecommerce companies that were affected by a breach of the LemonStand ecommerce platform.
Ecommerce merchants must take the risk of a data breach seriously. A breach that exposes customers’ data carries enormous potential liability. It can cause a business to go bankrupt.
But there is some good news. According to “2016 Global Security Report” by Trustwave, the security firm, only 38 percent of global data breaches target ecommerce stores. Traditional brick-and-mortar retail stores are the most targeted — roughly one-third of overall data breaches target magnetic strip data obtained from point of sale machines.
Notification laws vary from state to state:
It can be difficult, however, to detect a data breach. Forty-one percent of worldwide breaches are detected by victims, while 58 percent of breaches are reported to their victims by regulatory bodies, credit card companies, and banks. This, again, is from the Trustwave report. The average median time between a network intrusion and detection is 168 days for external detection and 15 days for internal detection.
Develop a Strategy to Reduce Risk
… develop a strategy for reducing the company’s risk associated with the breach. Many breached companies have offered credit-monitoring services or identity-theft-monitoring services to victims of the breach, to reduce the further risk of loss or harm. Others have offered informational packets or even some form of compensation to reduce their risk of liability. Each circumstance is different.
You can read the entire article here on the Practical Ecommerce site.
Revision Legal has worked with businesses of all sizes to assess data retention risks. If you have concerns about your exposure or have received a notification that you have been a victim of a data breach incident, contact the experienced data breach attorneys at Revision Legal. Civil fines are available in some states for a failure to expeditiously notify those affected by breaches. You need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.
Photo credit to Flickr user Maria Irwin.