Data Breach Preparedness

Article excerpt

The number of data breaches is rising in the financial sector. According to the Identity Theft Resource Center (ITRC), the 342 data breaches in the first six months of 2008 amounted to a 69 percent increase over the same period in 2007.

In view of the statistics and despite their sophisticated encryption, security management software and employee screening practices, community banks need to continue to adopt "best practices" to address data breaches. At the top of the "best practices" list is data breach incident response training. Knowing who and what is involved in responding to a data breach is vital.

To be effective, a bank's incident response training should involve employees from key departments in the bank. In addition, the team should include one individual designated as the incident response manager, as well as certain external resources. Possible response team members to consider include an incident response manager, information technology/data center manager, information security/privacy officer, risk/compliance officer, legal/corporate counsel, chief financial officer, chief marketing officer, third-party data forensics professional, data breach communications/management professional and select third-party vendors.

Each team member's responsibilities should be delineated and documented in a "Response Planning Workbook" with associated time frames in the event a breach occurs. Also included in the workbook should be incident response forms and templates, reference materials covering privacy legislation, industry standards and a list of helpful links. The workbook is part of a larger data breach response plan that also includes the steps that would be taken in the event a breach occurs. …