Remote and on-site support when you need it
Whether you need help in the event of a data breach or long-term support to enhance your organisation’s identity theft and breach notification approach, our experts are on hand 24/7 to provide assistance across the incident lifecycle.
- Data breach notification
- Call centre services
- Identify theft restoration and consultation
- Credit and identity monitoring
- What is a data breach?
A data breach is the exposure of confidential, protected or sensitive information to an unauthorised party which leads to the files being viewed or shared without permission. Organisations subject to a data breach must inform the relevant authorities in their country within a certain time period and take other required steps, such as informing the individuals affected if the breach presents a significant risk to them.
- What do I need to do if my organisation suffers a personal data breach?
Following the introduction of the General Data Protection Regulation (GDPR), the need to detect, respond to and report data breaches is now greater than ever for all organisations that process any form of personal information. Organisations that fail to demonstrate appropriate controls and/or fail to report a data security breach to a relevant authority within 72 hours risk significant financial penalties.
- How do I report a data breach?
In the UK, if your business is affected by a data breach, it must be reported to the Information Commissioner’s Office within 72 hours of discovery through a breach notification letter. The information you provide should include a description of the breach, the type and quantity of data compromised, an outline of the likely consequences of the breach, and how you intend to address it. If the impact of a breach represents a high risk to the rights and freedoms of individuals, you should also directly notify those people.
- What is a data breach notification letter?
A data breach notification letter is the method through which organisations comply with their legal obligation to inform the Data Protection Authorities (DPAs) or individuals for their country. Because your notification letter is your primary communication with stakeholders regarding your data security incident, it plays a key role in controlling your message and managing breach population fears.
- What should a data breach notification letter include?
Breach notification letters should include a brief description of what your organisation is doing to investigate the breach and how it aims to take action to minimise the impact on individuals and to prevent any further breaches. Kroll experts will work with your team to implement a personalised, plain-language notification letter that provides pertinent information and maintains message control.
- What steps should I take to defend my organisation against a data breach?
In Kroll’s 2021 Data Breach Outlook report, 43% of the organisations interviewed still felt they were not ready to notify in the event of a breach. Given the significant growth in data breaches, we strongly recommend that organisations take proactive steps to prepare for a notifiable data breach incident. Our five key recommendations for better preparing for a breach event are:
• Negotiate and retain key vendors to assist during incident response
• Conduct tabletop exercises with leadership and incident response specialists
• Provide education, training and technical support to employees
• Understand where data resides in your organisation
• Don’t rely on encryption as your only method of defence
- How do breach notification services support the fulfilment of regulatory requirements?
In today’s global economy, where data can cross many jurisdictions, your organisation may be required to comply with a patchwork of stringent notification regulations. This can make acting in the event of a data breach even more complex. Our data breach notification solutions enable companies under pressure to deal with data issues across different areas, with call centres staffed by multilingual representatives. As data privacy regulations evolve, we track them closely, developing capabilities to fulfil the needs of organisations in various jurisdictions.
Get immediate incident response assistanceGet in touch
Breach Notification Support
Simplifying the complex demands of breach notification
Our proven expertise and unrivalled resources enable us to ensure that your data breach response is managed in a way that complies with regulatory expectations and protects your reputation. Kroll has delivered notification and call centre services to hundreds of millions of people worldwide, and our team routinely handles the most pressing emergencies with speed and efficacy.
Breach notification retainers
Flexible breach notification retainers
To help your organisation respond faster and more effectively to data breach incidents, Kroll’s breach notification retainer provides elite digital forensics and incident response capabilities on-demand. Our client-friendly notification retainers offer value for money and maximum flexibility and include a range of services, such as sending data breach notification letters, rapid data cleansing and identity theft restoration and consultation to support victims.
- Flexible, on-demand services
- Recognised by CREST and the PCI Council
- A global team of breach notification specialists
- 3,200 security incidents responded to every year
Get in touch
Complete the form for a prompt response from our team.