The number of cyber attacks and data breaches has increased significantly in recent years, and public entities are not exempt. These “cyber events” include the theft or release of personally identifiable information such as Social Security numbers from a computer system, the transmission of malware from a computer to a third party or a “denial of service” attack that results in the inability to use computers or websites.
These incidents can have a considerable financial impact on a public entity, including the cost of lawsuits, crisis management and notification of the affected parties. They can also lead to a public relations nightmare.
5. “If we had a data breach, we could handle the notification requirements ourselves.” Most public entities would have difficulty complying with state and federal notification requirements in the event of a data breach. It is also common for goodwill purposes to provide credit monitoring services and identity theft education and assistance for the affected party. Most public entities would not have the expertise and staff to provide these types of additional goodwill services for the affected party.