Milwaukee, WI · Washington, DC · Boston, MA


Developing Relationships

The government has an interest in investigating data breaches. The various federal and state agencies charged with protecting consumer rights have taken an interest in ensuring that data breach incidents do not result in identity theft or other consumer fraud. Understanding and appreciating this government function is important to building respect for, and ultimately relationships with, government agencies.

Granted, your relationship with the government inspector may be short-lived, perhaps lasting through the initial investigation and remediation of your breach. Nevertheless, it is important to stay on good terms with the investigator.

The easiest way to gain the respect of the government agency is to maintain honesty and accuracy regarding the breach. Even if you cannot answer all of the questions posed to you at the time, do not appear to dodge any issue.

Of course, you also must carefully assess the situation to ensure that you are not volunteering damaging information that may be used against you later. Never cover anything up, but always make sure that what you say is responsive to the questions asked and is stated in a manner consistent with your internal investigation of the breach incident.

At the end of the day, government investigators are not looking to harass or hurt you purposefully. They want to get to the truth, and that usually means extensive digging or questioning. A well-coordinated approach to dealing with government agencies will help you get through this process quickly and efficiently.