Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications
  3. Marketing

Mending Fences After a Breach - Centre for Information Policy

advertisement 
Mending Fences After a
Breach
IAPP Global Privacy Summit, 3/8/12
1
Joanne McNabb, CIPP/US/G/IT
Chief
California Office of Privacy Protection
Lisa Sotto
Partner & Head, Privacy & Information
Management Practice
Hunton & Williams
Susan Grant
Director of Consumer Protection
Consumer Federation of America
2
Session Outline
•
•
•
•
•
Cost of a Data Breach
Bad Communications
Better Communications
Making Amends
Communications & Litigation
3
Sony Data Breach Exposes
Users to Years of Identity-Theft
Risk
SecurID Company Suffers a Breach
of Data Security
Entrust Survey Reveals RSA Data Breach
Undermines Confidence in Hard Token
Authentication
Congress Probes TRICARE Breach
Bipartisan Effort to Learn More About Massive
Incident
4
Breach Cost by Activity
Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach
5
Lost Trust = Lost Customers
Some industries suffer
more than others.
Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach
6
Breach Impact on Reputation
Ponemon, Reputation Impact of a Data Breach, November 2011
7
8
Notification Timing Issues
• Not too soon, not too late.
• Consider delivery date.
• Avoid multiple flights of notices.
9
Notice Issues
• A legal notice? A communications piece? A
marketing tool?
• Tone
– What NOT to say
– Who’s it from?
– Addressed to whom?
10
EXAMPLE OF A
NOT GREAT
NOTICE
• User name
• Email
• ENCRYPTED
billing address
• ENCRYPTED
credit card info
Why??
Huh?
11
12
BEFORE
351 Words, 12th Grade
AFTER
224Words, 8th Grade
13
14
15
16
Good Communications Strategies
•
•
•
•
•
Outside communications firms
Internal folks to train
Employee communications
Regulator communications
Media
17
Making amends
18
Tips for Yom Kippur
• Accept that you screwed up.
• Express sincere remorse for your actions.
• The other person may not be able to accept
your apology.
• Where possible take action to restore what
was lost.
• Reflect on what you’ve learned.
From Twin Cities Hub for Jewish Stuff
19
Choosing a Make-Good Product
• Should you provide an identity theft service?
• If no, what else could you do to help your
customers?
• If yes, what type of service would best fit your
customers’ needs under the circumstances?
• What should you look for and what should
you avoid when choosing a service?
20
21
Communications Before & During
Litigation
• A contrite word may forestall litigation
• Before litigation, don’t think like a litigator
• If you offer a gift card to one unhappy
customer, be prepared to offer one to all in
settlement of an action
• If litigation is inevitable, vet all
communications through the legal team
22
References & Resources
• California Office of Privacy Protection,
Recommended Practices on Notice of Security
Breach (1/12), www.privacy.ca.gov/business
• Consumer Federation of America, Shopping
for ID Theft Services, at www.idtheftinfo.org
• Plain language resources
– www.plainlanguage.gov
– www.transcend.net/library/tools.html
23
What to Do Next Week
• Review “Shopping for ID Theft Services” and
select product(s) for future use.
• Review your breach notice templates. Share
plain language resources with your
communications people .
24
Related documents
Interested Industry Participant Registration Form
Interested Industry Participant Registration Form
Review, Grammar and Test
Review, Grammar and Test
Data Privacy and Data Security Compliance Issues
Data Privacy and Data Security Compliance Issues
Fee for Intervention
Fee for Intervention
20150819_invitation_workshop_20151015
20150819_invitation_workshop_20151015
what are some of the things social workers get sued for?
what are some of the things social workers get sued for?
Remedies for Breach of Contract pages 210-214
Remedies for Breach of Contract pages 210-214
here
here
5 Reasons Why You Need CNA NetProtect® for McDonalds
5 Reasons Why You Need CNA NetProtect® for McDonalds
Production_Agreement
Production_Agreement
PRIVACY BREACH CHECKLIST
PRIVACY BREACH CHECKLIST
Data Security Breaches
Data Security Breaches
Download
advertisement