Milwaukee, WI · Washington, DC · Boston, MA

  1. Crisis Mode
  2. Data Security Measures
    1. Preparing For The Inevitable
      1. Building a Data Breach Plan
        1. Planning for the Initial Response/Investigation
          1. Social Engineering
          2. Develop an Investigation Plan
          3. Involve Appropriate Company Resources
        2. Building a Notification Plan
          1. Understanding The Laws
            1. State Laws
          2. Who Must Be Notified?
          3. How Will Notifications Be Completed?
        3. Media Issues
          1. Media Plan
          2. Dealing With The Media
        4. Government Agency Issues
          1. Creating a Government Response Plan
          2. Dealing With Government Inquiries
          3. Developing Relationships
        5. Customer/Consumer Issues
          1. Customer Retention Plan
          2. Customer Response Plan
        6. Building Relationships with Vendors/Suppliers
      2. Implementing a Data Breach Plan
        1. Coordinating among Company Departments
        2. The Role of Legal Counsel
      3. Testing a Data Breach Plan
        1. Assessing the Plan
        2. Mock Exercises
        3. Alter/Update as Needed
      4. Assessing Your Data Breach Vulnerabilities
        1. Catalog Your Personal Information
        2. Developing a Company Training Process
        3. Understanding Privacy Promises
        4. Preparing for the Unexpected
        5. Assessments/Audits
        6. Establishing a Point of Responsibility
        7. The Role of Legal Counsel

Dealing with Inquiries by Government Agencies

Your company's data breach has sparked the interest of the Federal Trade Commission. A government attorney calls to ask about the incident. What do you do? There are a few practical tips that you should consider when dealing with any government agency investigating a data breach incident.

First, stick to your talking points. You should know in advance what information should and should not be provided to the government investigator. Don't allow yourself to say too much beyond what you have prepared. Importantly, do not guess or speculate about things that you do not know. If the cause of the data breach is not yet known, simply state that the investigation is ongoing and that you expect to learn the details in the near future.

Second, keep track of what was stated in your interview. You must record what information was provided, and what was not, to each government agency that calls. At the same time, be consistent in your answers. You simply cannot tell one government agency one thing, and then state the exact opposite to another agency.

Third, provide follow-up opportunities. Chances are that you will not satisfy the government investigator during your initial contact. You must provide opportunities to give further information or to follow-up on points that you could not answers in the initial contact.

Finally, be respectful and truthful. It will not serve you to tell the government what you think it wants to hear. Provide accurate answers to the best of your ability.

Dealing with the government does not have to be frightening. By preparing in advance, and implementing your plan as needed, you will greatly increase your chances of weathering a government investigation.