Data Breach Response Plan

A data breach can be a very damaging event for any business, large or small. And they can be expensive to fix. Earlier this year, ALTA hosted a Title Topics webinar titled Life Cycle of a Data Breach: Know What You Need to Do to help professionals understand how to develop a plan in case a breach happens to them. Participating on the webinar were Matthew Froning, chief information officer of Security Compliance Associates; and Christopher Gulotta, founder and CEO of Real Estate Data Shield.

Here’s a step-by-step guide to help you create an effective data breach response plan. You can also check out this 24-hour checklist in case you’ve suffered a breach.

What is a data breach?

A data breach is any occurrence where there is non-permitted access or release of personal or private information or information not suitable for public release. Whether your firm manages data directly or outsources management through a contractor or cloud service provider, if your information has been leaked or accessed without your permission, there has been a data breach.

What causes a data breach?

Data breaches can be caused by:

  • Hackers illegally gaining access to data
  • Lost, stolen, or misplaced tech equipment like laptops or cell phones
  • Employee carelessness, like leaving a password in a publicly accessible location
  • Policy or system failure, like a policy that lapsed on a particular security measure or an ineffective security system

How to prevent a data breach?

It’s essential for every title and escrow company to take measures to prevent data breaches before they happen. Effective data breach prevention has two parts: a security plan and a culture of security awareness.

When creating your security plan, try to understand the specific threat landscape for your business. Do you store most of your information on the cloud? Do you keep sensitive customer information like passwords or addresses? Perform risk assessments on your existing systems. Check your hardware, your operating systems, and your existing security software. Are there any risky holes that you hadn’t considered? Finally, in your plan, use a mix of technology and policy. While data security technology, like firewalls and antivirus programs, and policy, like rules and procedures regarding sensitive data, are somewhat effective at keeping security risks at bay, using both in tandem will ensure that your firm’s security has no gaps.

After you have created your security plan, your firm must develop a culture of security awareness. If just one employee is careless with passwords or protecting sensitive information, a data breach can occur. Make sure each staff member is well-versed in the dangers of cybersecurity threats and is familiar with your company’s security plan. The best protection is prevention.

What is an incident response plan?

Factors leading to data breaches are all-too-common in every business operation. Even if your firm has put in place every possible preventative measure, breaches may still occur. That’s why it’s imperative that your firm has an incident response plan in place.

An incident response plan is a prepared, specific approach to curb any potential threats and take action when a threat does crop up. The plan should account for breaches sourced from inside or outside your firm, and should identify a Response Team who will be responsible for implementing the plan.

How to make a plan

  • Create the Response Team: Establish team roles and responsibilities for each team member. Also, create a team manager who will lead the Response Team and delegate responsibilities.
  • Make a list of all relevant resources you may need: From stopping the breach to handling media about the incident, you will need help from many different departments and possibly from outside of your firm. Be sure to include IT, legal, communications, credit, and insurance to cover all of your bases.
  • Plan for every scenario: Whether the breach originates from malicious hacking, or from inside your own firm, create a tailored plan for every possible scenario.
  • Have breach recovery goals: Should there be an incident, create a model timeline within which you will stop the leak and fix any damage. Set employee expectations.
  • Conduct regular reviews of policy.
  • After your plan is created, train and test: Train every employee on the details of the plan, their roles as potential members of the response team, and how they can respond individually. After employee training, test your plan to ensure that there are no gaps and that every employee is comfortable executing it.

For more information on policies and procedures to protect non-public personal information, review ALTA’s Title Insurance and Settlement Best Practices at

Copyright © 2004-2016 American Land Title Association. All rights reserved.


This article has been used and reprinted with the permission of The American Land Title Association.  The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.