The federal government is urging agencies to implement updated data breach response plans in reaction to a 27 percent increase (between 2013 and 2015) in the number of incidents in which the security of personally identifiable information (PII) has been jeopardized. PII is information used to distinguish or trace an individual’s identity, i.e., Social Security numbers, birth dates, driver’s license numbers, etc. Malicious hackers then use this information to execute identity theft, seek employment, obtain prescription drugs, claim benefits, etc.
To complicate things further, today’s ever-changing technological landscape presents unique risks to PII collected in both the government and private sectors. In an effort to address these rapidly evolving threats, the White House set forth recommendations for the development and implementation of a comprehensive data breach response plan in a recent memorandum. While the White House memo offers guidance specific to federal agencies, it incorporates best practices from the private sector and reflects changes to developing laws and policies, providing guidance for how organizations should tailor their response plans based on the nature of their business, identity of their constituents, and the type of PII it collects and retains.
