Three experts on data security talked about what to do and what to avoid during a panel discussion at eMerge Americas on Monday in Miami Beach.

Here are some of the key takeaways:

 

Stan Wisseman security strategist at HP

There is no company below the radar when it comes to being attacked. Line up expertise even if you don’t have it in house.

A lot of companies are going through big data initiatives, but need to understand the sensitivity of the data and how to protect it.

 

Matt Anthony, senior VP of consulting and remediation services at Herjavec Group

Be prepared and have a plan. Even a small company should have a plan of what to do if there is a breach.

 Know what data you are storing, collecting and why. As a small business be careful of what you collect. They can’t steal what you don’t have.

Trust cloud services. It’s probably any better than what you can do locally.

 

Ian C. Ballon, shareholder, Greenberg Traurig

You may have a legal obligation in 47 states to provide notice in the event of a data breach. Expect calls from the news media and possibly a class action lawsuit.

He has never represented a company that initially got the cause of the data breach right. You have to investigate.

There’s no emerging company exception to state, federal law for notification in the case of a data breach.

Be careful of what you retain, but also know what needs to be retained. Not knowing what you should have kept could lead to an adverse finding in court.