Milwaukee, WI · Washington, DC · Boston, MA

  1. Crisis Mode
  2. Data Security Measures
    1. Preparing For The Inevitable
      1. Building a Data Breach Plan
        1. Planning for the Initial Response/Investigation
          1. Social Engineering
          2. Develop an Investigation Plan
          3. Involve Appropriate Company Resources
        2. Building a Notification Plan
          1. Understanding The Laws
            1. State Laws
          2. Who Must Be Notified?
          3. How Will Notifications Be Completed?
        3. Media Issues
          1. Media Plan
          2. Dealing With The Media
        4. Government Agency Issues
          1. Creating a Government Response Plan
          2. Dealing With Government Inquiries
          3. Developing Relationships
        5. Customer/Consumer Issues
          1. Customer Retention Plan
          2. Customer Response Plan
        6. Building Relationships with Vendors/Suppliers
      2. Implementing a Data Breach Plan
        1. Coordinating among Company Departments
        2. The Role of Legal Counsel
      3. Testing a Data Breach Plan
        1. Assessing the Plan
        2. Mock Exercises
        3. Alter/Update as Needed
      4. Assessing Your Data Breach Vulnerabilities
        1. Catalog Your Personal Information
        2. Developing a Company Training Process
        3. Understanding Privacy Promises
        4. Preparing for the Unexpected
        5. Assessments/Audits
        6. Establishing a Point of Responsibility
        7. The Role of Legal Counsel

Customer/Consumer Issues

Your customers are perhaps your company's most important asset. You cannot afford to alienate them, anger them, or otherwise turn them against you. A data breach incident in which their personal information is exposed to potential data thieves is just such an event that could hurt your customer relations.

Customers are not the only ones that you need to worry about. Customers are but a sub-group of consumers generally, all other individuals in the country (or the world) whose information you may have obtained or are otherwise using. If you are handling consumer data, then you owe certain duties to those consumers to use their data in appropriate ways, and particularly to protect that data. Many a data breach has resulted in the exposure of consumer information to potential data thieves, and the corresponding backlash is enormous.

You should consider that group of individuals that pertains to your company. If you only collect information from customers, then that group should be your focus. If you deal with both customer and consumer information, then you must consider the ramifications of data breaches toward both groups.

To this end, you should prepare a Customer Retention Plan and a Consumer Response Plan.