
Many businesses store all of their information online or in digital databases. This is convenient, can reduce costs, and has a lower environmental impact. Digital storage also lets you find information more efficiently, whereas in the past you may have had to trawl through filing cabinets. However, this greater connectivity means that it is easier to lose information in a data breach. The consequences of a data breach can be devastating, depending on the nature of the information lost. Therefore, you should plan for what to do in the event of a data breach to mitigate these consequences. This article will outline some potential indicators of a data breach and what to do in the aftermath.

What is a Data Breach?

The exact nature of a data breach varies depending on the kind of data compromised. However, it generally refers to when something releases your business’ private and confidential information into an unintended environment. This can include:

  • an unauthorised person gaining access to your information; or
  • the data becoming publicly available.

A data breach can result in unauthorised individuals misusing or sharing your business’ confidential data. They may use it for personal gain or harm either your business or others. Examples of confidential data can include:

  • personal information of both your customers and employees, such as names or phone numbers;
  • sensitive business data, such as financial accounts;
  • personal health information;
  • reputation-damaging information; or
  • intellectual property, such as trade secrets.

REMEMBER: Data breaches are not always the result of a malicious cyberattack. They can be deliberate or accidental. For example, a data breach can occur because an employee sends a confidential email to the wrong person, or because a third party takes advantage of bugs or weaknesses in your cybersecurity.

Indications of a Data Breach

It may not always be easy to spot a data breach, so it is vital to recognise its potential signs. Such indications may include:

  • digital systems running unusually slow;
  • unfamiliar software on your office desktops;
  • missing information from your databases;
  • messages from your website provider about suspicious activity;
  • passwords not working; or
  • business website content you had not approved.

Unfortunately, you can never completely eliminate the risk of a data breach. Therefore, you must implement adequate security controls to guard against one. Otherwise, you run the risk of reputational damage, losing customer trust, and legal penalties.

The Aftermath of a Data Breach

If you suspect a data breach, then the first thing you should do is check your incident response plan if you have one. This plan will outline the steps you need to take to mitigate lasting damage to your business and its processes. If you do not have one, ensure you develop one after dealing with the problem. Following a breach, implement preventative measures to stop the same thing from happening again. In the meantime, you should complete the following tasks.

Identify the Breach and Limit Its Harm

The first thing you need to do is stop any further information from being spread. If the leak is ongoing, disconnect any systems that an unauthorised person can access remotely. Do not shut down your systems, or else you may lose evidence of the breach. Reset any access passwords and stop connections between systems to limit spread if the breach was due to a virus.

Next, check security and access logs to find out how the breach happened. Note down everything that has happened so far, including how you noticed the issue and what it has affected, such as your website or email accounts. Try to retain as much evidence as possible.

Evaluate Its Effects

Once you have stopped any further spread of information, you need to identify the full impact of the breach. This means finding out:

  • the nature of the information lost;
  • how much data leaked; 
  • who has the information now; 
  • who the breach has affected; and
  • how harmful the lost information was.

For example, you may have lost confidential data in a breach, but the data was encrypted and the key is still secure. In that case, the extent of harm is not as bad as it could have been.

Report When Necessary

The next step is to determine whether you have to report this breach. If the information affected was personal information likely to cause serious harm, you must notify the Privacy Commission. You should notify the relevant individual unless informing them would cause greater harm than the breach itself.

Key Takeaways

A data breach occurs when something releases confidential information into an unintended environment, such as the hands of an unauthorised person or to the public. To deal with a breach, you should take steps to limit its spread, determine its cause, and identify its consequences. You must also comply with your legal obligations and report where necessary. If you would like more information or help with a data breach at your business, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a data breach?

A data breach is when something releases your business’ sensitive information into an unsecured environment. This could be the hands of an unauthorised person, or to the general public.

When do I need to report a data breach?

If the data breach included any personal information whose release is likely to cause serious harm, then you need to notify the Privacy Commission. Serious harm could include identity theft or threats of violence.

What are some signs of a data breach?

Signs of a data breach vary, but if something is going wrong with your digital systems, then a breach could be the cause. Signs include passwords not working, reports of suspicious activity on your website, or missing sensitive data.
