An interesting article on BreachCenter from May of 2009 is worth reading again. The threat of a data breach is real, if not certain, so your company needs to be prepared. Planning ahead is the key to maintaining customer faith, complying with required regulation and ensuring the continuity of your day-to-day business.
Few events can damage a company’s reputation more than losing the personal confidential information entrusted to a business by its customers – a data breach. Even before factoring in the negative impact on employee morale, business partner relationships and regulatory dialogues, a data breach can be very costly if not handled properly. Customers have shown a propensity to stop doing business with companies that cannot protect their confidential information and that do not take care of their customers when a breach occurs.
Despite enormous investments in prevention, breaches continue to occur with alarming regularity. According to the Identity Theft Resource Center (ITRC), in 2008 there were 656 data breaches that exposed over 35 million records, an increase of over 30% from the number of events in 2007. The trend continues in the same direction.
Clearly, prevention efforts are not enough. Companies also need to proactively plan for the worst-case scenario in which a breach actually occurs. “Breach Readiness” is a state of preparedness where all of the key decision makers have been identified, the key support relationships have been put in place, the applicable legal and regulatory requirements have been assessed, and the plan for action is ready to execute in the unfortunate event that a data breach occurs.
The purpose of the “Seven Steps to Data Breach Readiness” guide is to help organizations get started on the path toward taking care of customers when a data breach occurs. It helps you to proactively define your organizational roles and responsibilities, avoiding redundancy and mistakes by creating your crisis management team ahead of time. Make sure you are able to fulfill your regulatory reporting by understanding the different requirements across the country. Allow your company to provide assurance to your customers by being ready to respond, offering them protection services that include easy enrollment and making expert representatives available for counsel. Avoid costly mistakes by executing a contract with a breach services provider before a breach occurs. Arrange to have your corporate communications plan, pre-drafted customer notification and call center capabilities established, and decide how you will message the event internally to your employees.