Photo Alt Text

Data Security Breaches

Just three years ago, data breaches represented an untamed frontier of crisis communications. Today, the fundamental elements are being refined to include…
  • A promise to protect customers’ personal data along with a credible sense of how that is going to be done
  • A palpable and believable expression of concern about customer welfare
  • A visible enterprise security program that links privacy and security and involves oversight, controls, annual reviews, and updates
  • Convincing evidence that the company is learning fast from past mistakes, and will incorporate what it learns into future efforts
Tactical best practices have likewise been implemented…
  • Plan a media strategy through websites and blogs. Anticipate the data exposure problems that may likely occur in the future and create a “dark site” now, which will be ready to go “live” as soon as a crisis occurs.
  • Identify those in the blogging, academic, legal, NGO, and government communities who are likely to be sympathetic and helpful. By doing so, companies can populate their own and other online resources with rich content from supportive third-party spokespersons.
  • Train or outsource a data exposure hotline team that can handle the communications, legal, and policy issues. Outsourcing provides an adjustable and coordinated capacity to manage issues and meet call volumes without major investments.
  • Consider self-reporting and even apologizing to the public. It will show that the company is one of the good actors and will thus dramatically lessen how long a story stays in the news. However, the messaging here needs to be fairly nuanced. It could seem contradictory to apologize for a situation and claim to be a victim at the same time.
  • Get buy-in now from professional and trade associations. It will show that the company is part of the solution, not the problem. Map out an agenda of collaborative efforts with respect to both any current situation as well as longer-range public awareness campaigns.  
Experts say the security theft problem will grow by a factor of 20 before the decade is ended. Meanwhile, observers question the commitment of some big businesses to solve the problem if doing so requires executive and board time for oversight and expenditures to support an enterprise security program. Early court and administrative decisions lean toward an understanding that security is not 100%, but a company is expected to have the right policies, processes, and procedures in place to prevent, mitigate, and respond to security breaches.
 
In this regard, crisis management must be collaborative, it must be transparent, it must be proactive, and it must be part of the company’s security program rather than an ad hoc exercise after an event. The alternative is recurrent and increasingly serious systemic breakdowns that will continue to feed organized crime, cyber terrorists, and bad actors – including insiders.

 

Read an excerpt

1900 M Street, NW    Washington, DC 20036    P 202.973.1300    F 202.973.1301
About Levick |  Practice Areas |  Case Studies |  Speaking |  Resources |  News |  Careers |  Blog
Privacy Statement      Disclaimer      Site Map