Milwaukee, WI · Washington, DC · Boston, MA

  1. Crisis Mode
  2. Data Security Measures
    1. Preparing For The Inevitable
      1. Building a Data Breach Plan
        1. Planning for the Initial Response/Investigation
          1. Social Engineering
          2. Develop an Investigation Plan
          3. Involve Appropriate Company Resources
        2. Building a Notification Plan
          1. Understanding The Laws
            1. State Laws
          2. Who Must Be Notified?
          3. How Will Notifications Be Completed?
        3. Media Issues
          1. Media Plan
          2. Dealing With The Media
        4. Government Agency Issues
          1. Creating a Government Response Plan
          2. Dealing With Government Inquiries
          3. Developing Relationships
        5. Customer/Consumer Issues
          1. Customer Retention Plan
          2. Customer Response Plan
        6. Building Relationships with Vendors/Suppliers
      2. Implementing a Data Breach Plan
        1. Coordinating among Company Departments
        2. The Role of Legal Counsel
      3. Testing a Data Breach Plan
        1. Assessing the Plan
        2. Mock Exercises
        3. Alter/Update as Needed
      4. Assessing Your Data Breach Vulnerabilities
        1. Catalog Your Personal Information
        2. Developing a Company Training Process
        3. Understanding Privacy Promises
        4. Preparing for the Unexpected
        5. Assessments/Audits
        6. Establishing a Point of Responsibility
        7. The Role of Legal Counsel

Involve Appropriate Company Resources

Coordination is key. Every individual in your organization can, and may have to, contribute to a data breach investigation. So, ensuring that the various departments of your company know their assigned duties and roles is essential.

A 2007 survey conducted by the privacy group Ponemon Institute found that the more security and privacy officers at a company collaborate, the more the company is likely to avoid a data breach. In fact, the study concluded that organizations with poor collaboration were more than twice as likely to suffer a data breach as organizations with good collaboration.

But adequate planning should extend beyond the security and privacy components of your organization. When you're in crisis mode and responding to a data breach, every person must know his or her role and carry it out without fail. While the IT professionals are investigating and remediating the circumstances that led to the breach in the first place, customer service can be readying for the potential barrage of consumer or media calls, and sales can be preparing to calm angry customers.

Coordinating all of the talents and resources of your company can be a daunting task. However, knowing what roles each group or department is expected to play and training the workforce to understand the importance of their contributions can be accomplished through a systematic survey of your company's structure.

Don't delay in taking account of your company's resources. A few hours spent today may well save you many long hours and money if that data breach occurs.