Milwaukee, WI · Washington, DC · Boston, MA


Building A Data Breach Plan

You have decided to be proactive and Prepare for the Inevitable: a data breach at your company. The cornerstone of adequate preparation is a Data Breach Plan that can be put into practice at a moment's notice. This plan will govern your response to any data breach incident.

All too often a company's Data Breach Plan is constructed haphazardly in the midst of a breach incident -- perhaps the worst moment to need a plan and to begin creating one. The multitude of issues that must be considered, and the critical breach response decisions that must be made, should be approached in a thoughtful, reasonable and consistent manner.

You must not only pay particular attention to and remediate the breach itself, but also consider a variety of other, often related factors that will impact your approach and response to the incident. What will you do to explain the incident to your customers? What will you say when a government agent calls you for the details of the breach? How will you explain the incident to your vendors or suppliers, those who until now had been assured that your systems were secure?

The following links provide some insight into the development of a Data Breach Plan, the issues that you should consider when creating and implementing your plan, and the possible ramifications of failing to have a plan.

For more information on putting together a Data Breach Plan, click on the links below:

1. Planning for the Initial Response/Investigation
2. Building a Notification Plan
3. Media Issues
4. Government Agency Issues
5. Customer/Consumer Issues
6. Building Relationships with Vendors/Suppliers