Employers, whether they are retailers, medical facilities, banks or any other business, are often in possession of personally identifying information. This might include employee names, Social Security numbers, financial account numbers and addresses. Unfortunately, even the most careful of employers might be the victim of a data security breach in which this personally identifying information is stolen.

If a business owner learns of a data security breach, there are three main steps to take. First, the business owner should contact the police to report the situation. Second, the business owner should notify any other businesses, such as banks or creditors that may have been affected by the breach. Third, the business owner should notify any individuals affected by the breach in order to mitigate any possible misuse of the personally identifying information.

Of course, sometimes it is possible to safeguard personally identifying information from data security breaches. Both Connecticut and Massachusetts have data protection rules that businesses must comply with. This includes having a Written Information Security Program (WISP). WISPs are a plan that outlines what security measures a business will take to protect their data. There are certain requirements a WISP must meet and in Massachusetts, businesses without a WISP may face civil liability.

For this reason, many businesses seek legal assistance in developing a WISP. Legal assistance can also be valuable if there is a violation of privacy laws. Data security breaches can be devastating to a business, and to all affected by it. Attorneys can be a useful resource for businesses who are seeking to prevent data security breaches or who have been the victim of one.