Building Relationships with Vendors/Suppliers

Your business operations may rely upon the services of third-party vendors or suppliers. Those third parties that provide data services regarding the information in your possession will be most interested in data breaches that occur at your facilities. Proper planning now may alleviate potential problems with your vendors and suppliers if you suffer a breach.

Know your contractual obligations. Your vendor or supplier contracts may contain provisions requiring you to act or notify certain individuals or entities following a data breach. You must be aware of these requirements, and you must be prepared to meet your contractual obligations when necessary. Catalog your contracts and corresponding obligations in advance. Establish a point of responsibility for ensuring that contractual notice obligations are met in the event of a data breach.

Inform vendors and suppliers of your data security practices. They'll appreciate the assurances, and may be less quick to blame you in the event of a data breach. Although there's no need to disclose confidential or proprietary security measures that you have implemented, you can provide a general summary of the types of security systems that you have in place. In fact, if possible, keep vendors and suppliers involved in your data security practices.

Remember that you are not working against your vendors and suppliers when it comes to protecting the information that you rely on to operate your business. They have as much interest as you in keeping such information safe and secure. Working together will provide stability and continuity in your relationship, which may serve you well in the event you suffer a breach.