Milwaukee, WI · Washington, DC · Boston, MA

  1. Crisis Mode
  2. Data Security Measures
    1. Preparing For The Inevitable
      1. Building a Data Breach Plan
        1. Planning for the Initial Response/Investigation
          1. Social Engineering
          2. Develop an Investigation Plan
          3. Involve Appropriate Company Resources
        2. Building a Notification Plan
          1. Understanding The Laws
            1. State Laws
          2. Who Must Be Notified?
          3. How Will Notifications Be Completed?
        3. Media Issues
          1. Media Plan
          2. Dealing With The Media
        4. Government Agency Issues
          1. Creating a Government Response Plan
          2. Dealing With Government Inquiries
          3. Developing Relationships
        5. Customer/Consumer Issues
          1. Customer Retention Plan
          2. Customer Response Plan
        6. Building Relationships with Vendors/Suppliers
      2. Implementing a Data Breach Plan
        1. Coordinating among Company Departments
        2. The Role of Legal Counsel
      3. Testing a Data Breach Plan
        1. Assessing the Plan
        2. Mock Exercises
        3. Alter/Update as Needed
      4. Assessing Your Data Breach Vulnerabilities
        1. Catalog Your Personal Information
        2. Developing a Company Training Process
        3. Understanding Privacy Promises
        4. Preparing for the Unexpected
        5. Assessments/Audits
        6. Establishing a Point of Responsibility
        7. The Role of Legal Counsel

Dealing with the Media

The unthinkable has happened. Your company is in the midst of a data breach. While you are diligently working with your staff to investigate the incident to determine exactly what happened and why, you are alerted to a call from a major news source. In the middle of everything that's happening, how do you handle this situation?

Perhaps you have already implemented your Media Plan, which will assist in what and how you inform the press concerning your data breach. But what subtleties must you overcome when actually speaking with or otherwise dealing with the media? Fortunately, there are a few things that you can do to assist you as you interact with the media.

First, know your talking points and stick to them. Preparing your statements in advance will permit you to provide them and nothing more. In this way, you control the information that will be provided.

Second, don't talk too much. Experienced journalists will do everything in their power to keep you talking. Know your limitations and don't get caught up in their questions. If they seek information in an area in which you are not prepared to speak, you may be able to resist answering by explaining that you cannot provide information in that area yet. Do not be afraid to admit that the investigation is continuing, and that you cannot answer certain questions for fear of compromising that investigating.

Third, track what the media says about your company and the breach. Be ready to correct any errors in reporting. At least one employee, or perhaps legal counsel, should be assigned the task of monitoring the media, both traditional and on-line, and preparing a media report summarizing what each media outlet is saying.

Finally, keep the lines of communication open. Follow up with your media contracts. You may benefit from additional coverage of your breach incident. Friendly relations with the new media can assist in that regard.