Frequently Asked Questions

To learn more about First Watch's solutions for your business, explore the questions and answers below. Want to learn more? Contact us.

Q: What exactly does FWT do?

A: In a nutshell, FWT makes available a suite of services to assist businesses with being prepared for and responding to data breaches. These services include a resource for sample policies and procedures for securing personal data, facilitating employee background checks and making identity theft protection services available in the event of a data breach. As part of our package of services, some plans include a Risk Protection feature that will provide reimbursement for up to $100,000 (after first $1,000) of eligible expenses arising out of a data breach. FWT provides some of these services itself but has also assembled a team of partners with the appropriate expertise to provide related services.

Q: Can I purchase individual services from FWT or do I need to purchase the entire package?

A: Currently, the services provided in the package are not available individually.

Q: How long do I have to be a client of First Watch before I benefit from all of your services?

A: Your membership benefits commence immediately upon your acceptance of the Terms of Service and payment of the applicable membership fee.

Q: What steps will FWT take in order to determine if my company is compliant with privacy laws?

A: Our package is designed, in part, to provide you with some basic tools, including an easy to follow risk assessment, sample policies and procedures, training materials and other forms and materials, that are designed to assist you with your compliance efforts. We also make available legal and other resources that you can tap to get more information. For example, the package includes a hotline you can call to get answers to quick questions from an attorney specializing in data privacy and security law. We hope these resources are useful to you in your compliance efforts. Of course, FWT does not provide legal advice, so to ensure that you meet applicable legal requirements, you should check with appropriate legal counsel.

Q: If I run my business in several states, will FWT assist me in becoming compliant in all states and assist in the event of a data breach in each state?

A: Our package provides a wide range of resources for you to use in your efforts to comply with applicable data privacy and security laws. This includes a number of multi-state resources such as a compilation of state data breach notification statutes and regulations and white papers and other materials that discuss data privacy and security mandates. Of course, you will need to determine with your legal counsel what federal and state laws apply to your organization and what steps you need to take in order to comply with those laws.

Q: When I call to tell you I think we have a breach, will I be able to talk to a live person right away or will it be a recording loop?

A: Yes, you will be able to speak to a live person.

Q: Do I need to be concerned with a data breach if I am the only employee in my company?

A: You need not worry so much for you with regard to notification. But if the breach involves your clients' or customers' personal information, you may have notification obligations for applicable federal and state laws.

Q: If a business owner chooses to ignore a breach, are the penalties civil, criminal or both?

A: A business owner who chooses to ignore a breach has potential exposure on a number of different fronts.

  • With regard to penalties, the state laws vary. Some states treat the failure to comply with the breach mandate as an unfair or deceptive trade or business practice for which the attorney general can impose civil penalties. In other states, the statues provide a set penalty amount that applies depending on the number of persons affected and/or the type of failure (for example, the length of the period the notice was not provided). Penalties are rarely criminal in nature.
  • Some states also permit individuals affected by a breach to file private causes of action against the entity that suffered the breach. In some cases, a plaintiff can recover punitive damages and attorney's fees.

In addition, if it comes to light that a business ignored a breach there may be significant harm that results from damage to the company's reputation and its relationship with employees and/or customers.