Step 3: Create a Notification Plan
Once your organization's rapid response team has been assembled, it's time to create a notification plan covering every entity that must be notified after a breach.
The following are the major groups that organizations should contact in the event of a data breach:
- Law Enforcement - Is this a physical theft? Is any person in danger as a result of the theft? In the event of a stolen computer hard drive, laptop, or other device, or of any related identity theft, report the crime to the proper legal authorities, including, if needed, the Federal Bureau of Investigation (FBI), the U.S. Secret Service, or your local police department. If mail theft is involved, contact the U.S. Postal Inspection Service.
- Affected Businesses - Do you store and maintain credit card or bank account numbers, or store or collect personal information on behalf of any third-party organization? Were credit card or bank account numbers stolen from you while the accounts themselves are held by another organization? In the event of a data breach that includes bank account, credit card, or Social Security numbers, whether stored by your organization or by a third party, notifying the affected third-party organizations is mandatory. This may also involve notifying the major credit bureaus, if needed.
- Affected Individuals - Notify individuals in a timely manner, so that the affected parties can quickly take steps to protect themselves. The Federal Trade Commission (FTC) publishes guidelines for notifying individuals. Make it easy for affected individuals to request police reports, contact law enforcement, and contact the credit bureaus, and urge victims to contact the FTC, if needed.
