Media Issues

"I fear three newspapers more than a hundred thousand bayonets." -- Napoleon Bonaparte.

The news media will invariably be interested in a data breach. The improper access of a citizen's personal information is thought of not just as news, but as an impending doom that simply must be told. Whether unwittingly or not, the media have the potential to make or break the object of their reporting. As William Randolph Hearst once said, "You can crush a man with journalism."

You must be prepared to handle inquiries from the news media, including the traditional print and broadcast media, as well as a slew of online journalists, privacy advocates, and interested bloggers. Your interaction with the media must be professional and courteous, even though they are seeking to report on a data breach that you would rather not see gain attention.

But gaining a certain level of control is possible and imperative. You should work with the media outlets rather than against them. You may at first reject such an option because the media will report on topics that you would rather keep quiet, such as the extent of the breach, the specifics of how it happened, and other details that, for purposes of the notification laws, do not need to be provided.

The key is controlling the level of information provided, and the ultimate source of that information. You don't want to have every employee in your organization talking to every reporter who calls about the breach. Media issues must be handled in an organized and intelligent fashion. This requires the establishment of a Media Plan. Once you have your plan, you can implement it when you are dealing with the media outlets during a data breach.