Written by attorney Sreenivasarao Vepachedu

Data Breach Response Guide for Businesses

The privacy policy statement posted on a company’s website binds the company and should be taken very seriously. Accordingly, the Office of the Chief Privacy Officer's responsibilities include protecting privacy rights and notifying customers of their obligations and choices.

Additional resources provided by the author

Notes and References [1] As an Intellectual Property service provider, your privacy is very important to Cardinal Intellectual Property. The privacy policy statement posted on our company’s website binds us and we take this very seriously. Accordingly, to protect your privacy rights and notify your obligations and choices, the Chief Privacy Officer is available to assist you in resolving your privacy issues related to your personal data submitted in order to procure intellectual property services. For further details please visit: Cardinal Intellectual Property Privacy Policy (CPP) [2] Vepachedu, GIANT SUCKING SOUND OF INVERSION:; [3] Responding to a data breach? Check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business. [4] FTC Suggested Model Letter The following letter is an FTC model for notifying people whose personal information has been stolen. It is important to advise victims to place a free fraud alert on their credit reports. A fraud alert may hinder identity thieves from getting credit with stolen information because it’s a signal to creditors to contact the consumer before opening new accounts or changing existing accounts. Also, advise victims to consider placing a credit freeze on their file. The cost to place and lift a freeze depends on state law. Company/Institution/Logo Date: NOTICE OF DATA BREACH Dear [Name]: We are contacting you about a data breach that has occurred at [Company]. What Happened? [Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know)]. What Information Was Involved? [This incident involved … describe the type of personal information that may have been exposed due to the breach]. What the Company/Institution is Doing [Describe how you are responding to the data breach, including: what actions you’ve taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering (like credit monitoring or identity theft restoration services).] What You (client) Can Do [FTC recommends that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days. Equifax: (link is external) or 1-800-525-6285 Experian: (link is external) or 1-888-397-3742 TransUnion: (link is external) or 1-800-680-7289 Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, file a police report and call [insert contact information for law enforcement if authorized to do so]. Get a copy of the police report; you may need it to clear up the fraudulent debts. If your personal information has been misused, visit the FTC’s site at to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations. You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identify thief can open new accounts in your name. The cost to place and lift a freeze depends on state law. Find your state Attorney General’s office at to learn more. Please visit Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft. We’ve also attached information from about steps you can take to help protect yourself from identity theft, depending on the type of information exposed.] Other Important Information [other important information here.] For More Information Call [telephone number] or go to [Internet website] [State how additional information or updates will be shared/or where they will be posted.] [closing] Your Name

Free Q&A with lawyers in your area

Can’t find what you’re looking for?

Post a free question on our public forum.

Ask a Question

- or -

Search for lawyers by reviews and ratings.

Find a Lawyer