
Mending Fences After a Breach

Mending Fences After a Breach. IAPP Global Privacy Summit, 3/8/12. Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection; Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams; Susan Grant, Director of Consumer Protection

Presentation Transcript


  1. Mending Fences After a Breach IAPP Global Privacy Summit, 3/8/12

  2. Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection • Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams • Susan Grant, Director of Consumer Protection, Consumer Federation of America

  3. Session Outline • Cost of a Data Breach • Bad Communications • Better Communications • Making Amends • Communications & Litigation

  4. News headlines: • Sony Data Breach Exposes Users to Years of Identity-Theft Risk • SecurID Company Suffers a Breach of Data Security • Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication • Congress Probes TRICARE Breach: Bipartisan Effort to Learn More About Massive Incident

  5. Breach Cost by Activity (Source: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach)

  6. Lost Trust = Lost Customers • Some industries suffer more than others. (Source: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach)

  7. Breach Impact on Reputation (Source: Ponemon, Reputation Impact of a Data Breach, November 2011)

  8. Baaaaad Communications

  9. Notification Timing Issues • Not too soon, not too late. • Consider delivery date. • Avoid multiple flights of notices.

  10. Notice Issues • A legal notice? A communications piece? A marketing tool? • Tone • What NOT to say • Who’s it from? • Addressed to whom?

  11. EXAMPLE OF A NOT GREAT NOTICE • User name • Email • ENCRYPTED billing address • ENCRYPTED credit card info Why?? Huh?

  12. Better Communications

  13. BEFORE: 351 Words, 12th Grade • AFTER: 224 Words, 8th Grade

  14. Good Communications Strategies • Outside communications firms • Internal folks to train • Employee communications • Regulator communications • Media

  15. Making amends

  16. Tips for Yom Kippur • Accept that you screwed up. • Express sincere remorse for your actions. • The other person may not be able to accept your apology. • Where possible take action to restore what was lost. • Reflect on what you’ve learned. (From Twin Cities Hub for Jewish Stuff)

  17. Choosing a Make-Good Product • Should you provide an identity theft service? • If no, what else could you do to help your customers? • If yes, what type of service would best fit your customers’ needs under the circumstances? • What should you look for and what should you avoid when choosing a service?

  18. Communications Before & During Litigation • A contrite word may forestall litigation • Before litigation, don’t think like a litigator • If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action • If litigation is inevitable, vet all communications through the legal team

  19. References & Resources • California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12), www.privacy.ca.gov/business • Consumer Federation of America, Shopping for ID Theft Services, at www.idtheftinfo.org • Plain language resources • www.plainlanguage.gov • www.transcend.net/library/tools.html

  20. What to Do Next Week • Review “Shopping for ID Theft Services” and select product(s) for future use. • Review your breach notice templates. Share plain language resources with your communications people.
