Every Organization Should Make Data Breach Preparedness Part of Its New Crisis Plan

By: Cosmo Macero Jr.

[Image: databreach2016. Source: 2017 Commonwealth of Massachusetts, Data Breach Notification Statistics, www.mass.gov]

In an effort to support greater transparency for Massachusetts consumers, the Commonwealth’s Office of Consumer Affairs and Business Regulation announced that its Data Breach Notification Archive is now accessible online. In 2016, over 188,000 Massachusetts residents were affected by data breaches.

State law requires that any company or other entity that keeps personal information about a Massachusetts resident notify state officials, as well as affected customers, any time that information is compromised — either by accident or an intentional act.

Data breaches not only harm consumers but also can damage the reputation of financial institutions, retail companies, hotels, and many more. Every company or organization maintaining a database with sensitive consumer or personal information must be prepared to effectively and efficiently respond to potential breaches of data. Remember, a data breach can occur from internal or external hacking, technological mishap, or an unintended error by an employee. While each situation will be unique, there are a few standard practices to have in place.

How your company can be proactive before a crisis situation:

  • Make sure your crisis communications plan addresses data breach scenarios
  • Understand what data you keep, how it is secured, and your regulatory compliance
  • Media train your executives

How your company can respond to a data breach:

  • Verify all facts
  • Assess your actions and responses from the consumers’ point of view
  • Know how you will most efficiently and quickly reach your consumers
  • The best public communications strategy following a data breach begins with the communication to your customers
      a. Be transparent about the breach with customers; explain what happened and how it is being resolved; provide assurance that their concerns will be addressed and any security flaws rectified.
      b. Once you’ve completed those steps, the broader public communications strategy is pretty simple: tell the public exactly what you’ve done to protect your customers and address the breach.
      c. In some cases this may be through the news media.

How your company can recover from a data breach:

  • Keep communicating with your consumers, updating them on steps you have taken
  • Update your crisis plan and share your lessons learned with employees and other stakeholders
  • Encourage continued transparency

O’Neill and Associates helps clients proactively prepare for crisis situations, and should disaster strike, our experienced professionals are ready to serve as spokespeople and provide strategic guidance. Your reputation is on the line in a crisis situation; our services protect this valuable asset. Learn more about our services by visiting www.oneillandassoc.com or give us a call at 617-646-1000.