Technology & Innovation

Defending reputation during a data breach

September 30, 2014

Global

Anonymous Writer


From opening mail to sifting through rubbish, determined individuals have always gone to great lengths to get their hands on sensitive information. Whilst the methods for gathering business-critical information in today’s digital age may be less ‘hands on’, they are just as devious.

With data technology having advanced at a record pace over the last decade, the sheer volume of data that businesses hold, coupled with the international nature of our online activities, means that our data is now everywhere.

A data loss incident, irrespective of whether it stems from an external phishing attack or the inadvertent actions of an employee, can happen at any time and is never convenient. That is why businesses need to ascertain what they can do proactively to mitigate the risk of a data breach, so that when a breach does occur, proven and tested processes are in place to deal with the issue alongside day-to-day operations. From a reputation perspective, if a business is unable to show that it has taken all reasonable steps to protect its systems and the information of its customers, not only does it risk breaching its regulatory obligations, but its reputation will also be at risk.

From a reputation perspective, an effective data breach response is underpinned by four key principles:

1.    Be fast – When a breach occurs, the first 72 hours are the most crucial. Businesses will need to investigate the cause, put in place remedial measures, handle the media and consider who needs to be informed, from regulators to customers. Preparation will help ensure you make the right decisions quickly, safe in the knowledge that you are on solid legal ground.

2.    Be cohesive – As soon as the clock starts ticking, businesses will require a whole array of functions to click into place. That is why those responsible for dealing with a breach need to understand how their role and the role of others fit into the bigger picture.

3.    Focus on the human factor – Whether accidental or malicious, the common factor in all data breaches is human error. That is why it’s important for businesses to work with their HR teams to ensure every individual in the business understands their role in guaranteeing that the business emerges with its reputation and bottom line intact.

4.    Practice your response – We all learn best from our mistakes, but with business and customer confidence at stake, a data breach could prove an expensive lesson. A full-scale dress rehearsal will allow you to simulate a data breach so that the right calls become second nature.

The real threat of a data breach is not so much the incident itself, but the lasting damage it can do to reputation. If customers learn of a breach before you have had a chance to communicate it to them, it can be hard to recover. A robust and resilient reputation therefore requires an informed and fast response so that when a data breach does occur, it can be handled effectively whilst increasing the likelihood of fair media coverage.

Rachel Atkins is a leading expert in reputation protection and commercial litigation, ensuring disputes don’t end up in disrepute for corporate organisations and C-suite executives. Ms Atkins is speaking at our upcoming General Counsel event in London.

 

 

 
