Data breaches: What to do when it happens to you

by Chris Couch
November 26, 2019
in Compliance

Friday at 5:15 p.m., your chief information officer calls saying she thinks the company has been hacked. The allegedly hacked customer records have not been posted, yet the tip appears legitimate. The CIO asks: “What do we do?”

Scenarios like this are increasingly common, and the reputational, regulatory and operational effects can be devastating. Your response should be swift and focused, and it should include:

MOBILIZATION: Responding to a data breach will involve resources from across your company’s functional groups — IT, HR, legal, risk, accounting, marketing — and from the C-suite to the affected line of business, as well as external resources such as breach counsel, forensic investigators, crisis management and PR teams, and notification mail processors. You should have a response plan in place before the incident, and you should mobilize your team immediately.

Many of the issues you face next will have civil and regulatory implications, and your discussions should have the benefit of legal privilege. You should consider engaging breach counsel first.

STABILIZATION: The first step in getting control of your data post-incident is to patch whatever leak you may have. Your technical team should lock down any stolen or misused credentials, devices or system vulnerabilities and preserve evidence.

INVESTIGATION: Once the technical vulnerabilities have been addressed, identify the scope and duration of the incident; use outside forensic examiners, if necessary. At the same time, review contracts with any implicated third-party service providers, and identify applicable responsive insurance.

ANALYSIS: Data breaches are addressed primarily as a matter of state law, with every state defining and prescribing responses to a breach differently. You may also have obligations related to data breaches under contracts with your commercial vendors or suppliers. Understanding your responsibilities — to customers, regulators, counterparties and investors — turns heavily on the language of the data breach statutes in each implicated state, and the language of your contracts. Which states are implicated is largely determined by the location of your customers and your business operations. Whether your counterparties must be involved is determined by the language of your agreements. This is a highly fact-specific, largely “legal” analysis.

NOTIFICATION: Once you have identified the “what,” “how” and “who,” it’s time to notify your external stakeholders. This may involve notifying customers, contractual counterparties and investors, and will most assuredly involve notifying state attorneys general. Notification requirements differ by state, both as to timing and substance. The timing for most statutes runs from knowledge of the breach, and may be as short as 24 hours.

EVOLUTION: To the extent there is a benefit to a data breach, it lies in identifying the facts and circumstances that led to the breach and using them to anticipate future threats and improve your systems and practices.

Chris Couch is a member (partner) in McGlinchey Stafford’s Birmingham, Ala., office and a Certified Information Privacy Professional (CIPP-US). Chris can be reached at [email protected] or (205) 725-6404. McGlinchey Stafford is the Compliance Partner of Auto Finance Excellence (AutoFinanceExcellence.org), a sister service of Auto Finance News.
