- What data has been impacted?
- How sensitive was the data (i.e., does the breached data include addresses, Social Security numbers or banking information)?
- What is the employer’s obligation to report the data breach (i.e., sometimes customers, employees, the government or all the above need to be notified)?
- Based on the type of data breach, how quickly must the incident be reported to applicable parties?
Depending on an employer’s state and industry, the answers to these questions will vary. That’s why it’s essential to address these issues in a cyberattack contingency plan before a breach occurs. Employers should speak with legal counsel for help understanding their coverage risks.