What to do About Security Breach Notification
By Darity Wesley
"The only real security that a man can have in this world is a reserve of knowledge, experience and ability."
-Henry Ford
It can be quite an unnerving moment to open a legal-sized envelope from a company you do business with and discover a security breach notice inside. That means there is the potential that a hacker has had access to some of your personal information and you may be vulnerable to identity theft. You may get a sinking feeling in the pit of your stomach, and rightly so. Here is what to do if you get one of those ominous letters:
First thing, don’t panic. Determine what kind of breach has occurred: medical, financial, or one having to do with your Social Security Number. That will help you figure out what you need to focus on. If the breach may have compromised your Social Security Number, the best thing to do is to establish a fraud alert, notify your credit card company and get a copy of your credit report (for your free annual report as provided by law, phone (877) 322-8228 or visit www.annualcreditreport.com). Stay aware and alert.
Now put on your business hat. There are some key elements that any size or type of business should use in being proactive to avoid, or at least minimize, a security breach nightmare.
First, collect the minimum amount of personal information needed and keep it for the least amount of time necessary.
Second, inventory all of the carriers of data in your organization: computers, files, records and storage media. Dispose of records and equipment containing personal information that you do not need in a secure manner. Keep records and equipment containing personal information that you do need under lock and key or password protected, or at least know and trust the people who have access to it.
Next, classify information by sensitivity. Identify and flag all security breach triggering types of data. Review your state's security breach notification law and your security plan at least annually and update your plan as needed. Train your employees to know what sensitive information is and how to protect it.
Then, always use protection. Use data encryption, password protection, host protection, access control and other available technologies to keep your information as secure as possible. With paper documentation, be sure it is secured from potential theft (locked drawers, locked file cabinets).
Be sure to put a notification plan in place. If you do fall prey to hackers or suffer lost laptops with customer or personal information, and it's happening daily, be sure to have a plan in place. Time is of the essence in notification procedures. The Privacy Gurus® can help you develop a notification plan so that you can make sure that you are ready to comply with the law and avoid fines for knowing of a security breach and not reporting it.
As always, be aware, alert and informed as to any potential liability lurking.
Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc., a San Diego-based consulting firm. Her team of Privacy Gurus® work with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619) 670-9462 or Darity@privacygurus.com.