What law enforcement to contact if an intrusion is discovered?
New regulations concerning unauthorized access to sensitive customer information talks about contacting law enforcement, if applicable. While hoping it is a plan that I never need, in an intrusion responce plan, where sensistive customer information may have been accessed and you are required to notify some customers of this fact; 1)Would you contact law enforcement? if so 2)What law enforcement agencies would you contact? Local, FBI, Secret Service? I'm in a $1.5B bank.
Software/Hardware used:
Software/Hardware used:
ASKED:
May 12, 2005 8:58 AM
UPDATED:
May 18, 2005 4:31 PM
Answer Wiki:
Legal obligations to report. Determine scope of problem - is the exposure local, contact city/county police. Is there applicable state law, then they also have to notified. Does the the exposure include other locales in the state, then notify state level authorities anyway. Are any of the customers exposed in other states, then it is a federal matter by the ICC (Interstate Commerce Clause). And the newer regulations GLB and HIPAA require their involvement. If you suspect foreign involvement in the breach of security, then the FBI is at the top of your list. Good luck, and may none of us have to walk this decision path.
To see all answers submitted to the Answer Wiki: View Answer History.
This is a question best answered by your legal depatment. Depending on where you are and what legislation is involved could change the list of contacts that are required to be notified.
The best general advise I can give is to contact the police services in at least your first two levels of government (county and state, municipal and provincial). From there they should be able to provide you with the appropriate departments/agencies to contact and the contact numbers.
Remember, allways contact these people/agencies prior to an incident. They will be able to provide infomation regarding what they will need to know and what you should do (or more importantly not do) in the case of an incident. It will also give you the opportunity to develop a relationship and mutual respect with contacts in the agencies so you may get better treatment when the incident occurs.
I would contact your local Infragard chapter. Infragard is an orgization that is run by the FBI which helps business with just these types of issues. They typically have bi-monthly meetings.