A data breach can severely damage a business. However, research has shown that businesses can limit the damage by responding to the breach quickly and in an appropriate manner. For this reason, most IT decision makers understand the importance of putting a data breach response plan in place.
A data breach response plan is a written policy that outlines what should happen immediately following a breach. Even though most businesses have established data breach response plans, many still work with third party vendors that do not have one of these plans. Every third party vendor should have a data breach response plan–especially your e-waste recycler. Here’s why:
Third Party Breaches
The vast majority of data breaches occur within an organization, however about one-quarter of all data breaches involve a third party vendor. This means 25% of all data breaches are completely out of your control. Because third party vendors are so vulnerable to data breaches, they each need to have a plan in place so they know how to respond to these events.
Customers Won’t Know the Difference
Don’t make the mistake of thinking that once a device has been taken away from your facility, it is no longer your responsibility to protect the data it contains. The customers that provided you with their information trusted you to protect it, not your e-waste recycler. If a data breach occurs while the device is in the possession of the recycler, many customers will still blame you for it even though it was not your fault. This means your business could still suffer even if the data breach occurs after you are no longer in possession of the devices. Protect your business by choosing an e-waste recycler who takes data security just as seriously as you do. Your e-waste recycler should not only go the extra mile to keep your data secure, but they should also be prepared to respond to a data breach.
If your sensitive data is compromised, you will need to know about it as soon as possible. But, an e-waste recycler that does not have a data breach response plan in place could forget to notify you in the event of a breach. This means your customers could learn about the breach from another source instead of directly from you, which makes your business appear less trustworthy. It also means you could continue doing business with the e-waste recycler, completely unaware that they failed to protect your sensitive data.
Poor Communication With Customers
If customers find out their information has been stolen, they will start to contact your company to learn how you are planning to help. It’s important to handle this situation in a professional manner so customers understand how apologetic you are and what you are doing to prevent another breach in the future. But unfortunately, if the e-waste recycler does not have a response plan in place, you may not have the information you need to communicate with your customers. In fact, the e-waste recycler may not even have information on how the breach occurred or how many records were affected if they were not prepared to respond to it.
Sufficient Resources to Handle the Breach
Creating a data breach response plan gives businesses the opportunity to determine if they have the resources to respond to a breach. For example, a data breach response plan explains who is responsible for investigating and putting a stop to the breach. As a business creates their plan, they may realize they need to hire a third party cybersecurity firm for support.
However, if an e-waste recycler never goes through the process of creating a plan, they may not realize they need additional resources to handle a breach until it is too late. E-waste recyclers that are unprepared often don’t know how to limit the damage of a breach, which means more sensitive data will be stolen and a larger number of customers will be affected. A data breach of this size could significantly damage your business, which is why it’s best to choose an e-waste recycler with sufficient resources.
How Reliable E-Waste Recyclers Respond to Data Breaches
All reliable e-waste recyclers should have a data breach response plan. Simply having a plan in place is not enough, however. The plan must also be thorough, otherwise it will serve no purpose. You should ask to see an overview of the data breach response plan before hiring an e-waste recycler. This will give you an opportunity to see how well they have planned to respond to a crisis.
ERI’s data breach response plan requires that the affected client be notified as soon as possible. The plan also calls for an immediate investigation into any suspected breach, even if a breach has not yet been confirmed. After investigating the incident, the client will receive a summary of exactly what happened. The client will also receive information regarding how much and what type of information was compromised in the breach. Furthermore, our customers are given a phone number that they can call to speak directly to one of our representatives.
Our plan also covers data breaches that occur as a result of theft. If a device is stolen, we will immediately notify law enforcement so they can launch an investigation into the matter. We will also ensure you are notified if any progress is made in the investigation.
At ERI, we take great pride in doing everything possible to prevent data breaches. We have never been impacted by a data breach, however, should a data breach occur at one of our facilities, we are prepared to handle it as quickly and efficiently as possible. For more information on recycling electronics, or to request a quote from ERI, contact us today.