The White House Office of Management and Budget (“OMB”) marked the beginning of the 2017 Federal calendar year by issuing a memorandum to all agency and department heads with new guidance on breach preparation and response. While the guidance is not directed to the business sector, it is instructive for corporate counsel as it complements the breach response guide the Federal Trade Commission issued back in October.
The FTC Breach Response Plan focuses on what a company should do once it has discovered a breach. The OMB guidance includes more comprehensive advice on how to prepare for a breach and highlights several best practices that can prove useful for any business. In short, it is a great counterpart to the FTC’s guidance for any company conducting a Breach Response Plan review.
Here are some helpful topics/resources from the memorandum:
- Defined terms for a breach response plan and a list of common examples of a breach
- Overview of minimum breach response plan elements, including:
  - Breach Response Team
  - Privacy Compliance Documentation
  - Secure Interdepartmental and Third-Party Information Sharing
  - Reporting Requirements
  - Assessing and Mitigating Risk of Harm
- Breach response contract terms for third-party vendors
- Considerations for identifying logistical support and technical support when responding to a breach, and
- Appendices, which include a breach reporting template, general and category-specific guidance for affected individuals, and examples of services a company can provide
Here’s hoping that Baby New Year doesn’t welcome you to 2017 with a security breach, but read together, the FTC and OMB resources can be a helpful way to start the new year by making resolutions on breach prevention and response planning.