
Implementing A Data Breach Plan

Your response to any data breach incident should be governed by a Data Breach Plan. In Building a Data Breach Plan, you have consulted with the appropriate individuals inside your company and have mustered the necessary expertise provided by outside consultants. But now what?

Constructing the necessary components of your Data Breach Plan is but half the battle. You must implement your plan. Implementation requires coordination. You must secure a commitment from each individual in your company, because every person can play some role in responding to or remediating a data breach.

You are probably thinking that the only people you need are IT professionals dedicated to auditing and securing computer systems. While that is partially true, consider for a moment who will be handling the worried or, worse, hostile complaints from customers or consumers whose information has been improperly accessed. Individuals in customer service or sales are on the front line in the data breach wars, and they must be treated as an integral part of your Data Breach Plan. Providing the right training in what to say, and when to say it, can be the difference between retaining a customer and losing one for good.

As the lifeblood of a business, customers must be made to feel confident that you are responding appropriately and immediately to data breach issues. A recent study surveyed the reputation impact and customers' concern at receiving a data breach notification letter. The study found that nearly 20% of customers terminated their relationship with the organization issuing the data breach announcement, and 40% considered taking their business elsewhere. It is vitally important that customer issues are handled with the proper tact and knowledge base.

Implementation of a Data Breach Plan should account for those individuals who will be interacting with the various players in the data breach incident, from customers to government regulators. The links below explain how the various pieces of the data breach puzzle can be put together:

1. Coordinating among Company Departments
2. The Role of Legal Counsel