If your data gets breached, here’s a simple outline of what usually happens:

1 – Notification of affected individuals: Virginia law requires businesses and organizations to notify affected individuals in the event of a data breach. The notification must include information about the types of information that were exposed, the steps being taken to investigate the breach, and any measures being taken to protect affected individuals from identity theft or other harm.

2 – Notification of the Virginia Attorney General’s office: Businesses and organizations must also notify the Virginia Attorney General’s office of any data breaches that affect more than 1,000 Virginia residents. The notification must include information about the scope and nature of the breach, the steps being taken to investigate and mitigate the breach, and any assistance being offered to affected individuals.

3 – Investigation and remediation: After a data breach occurs, businesses and organizations are typically required to conduct an investigation to determine the cause and extent of the breach, and to take steps to remediate any vulnerabilities or weaknesses in their data security practices.

4 – Possible fines and penalties: Depending on the severity and cause of the breach, businesses and organizations that experience data breaches in Virginia may be subject to fines and penalties from the Virginia Attorney General’s office. These penalties can vary depending on the number of individuals affected, the types of information exposed, and the steps taken to mitigate the harm caused by the breach. 

Shred Instead’s “SI Protection Program” can help you put the correct Policies and Procedures in place to not only help prevent a Data Breach but also put a plan in place in the event a Breach occurs and show compliance with the Statutes and Laws found here.