Mending Fences After a Breach

Mending Fences After a Breach. IAPP Global Privacy Summit, 3/8/12. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information Management Practice Hunton & Williams Susan Grant Director of Consumer Protection

Presentation Transcript

Mending Fences After a Breach

IAPP Global Privacy Summit, 3/8/12

  • Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection
  • Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams
  • Susan Grant, Director of Consumer Protection, Consumer Federation of America

Session Outline
  • Cost of a Data Breach
  • Bad Communications
  • Better Communications
  • Making Amends
  • Communications & Litigation

Sony Data Breach Exposes Users to Years of Identity-Theft Risk

SecurID Company Suffers a Breach of Data Security

Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication

Congress Probes TRICARE Breach

Bipartisan Effort to Learn More About Massive Incident

Breach Cost by Activity

Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

Lost Trust = Lost Customers

Some industries suffer more than others.

Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

Breach Impact on Reputation

Ponemon, Reputation Impact of a Data Breach, November 2011

Baaaaad Communications

Notification Timing Issues
  • Not too soon, not too late.
  • Consider delivery date.
  • Avoid multiple flights of notices.
Notice Issues
  • A legal notice? A communications piece? A marketing tool?
  • Tone
    • What NOT to say
    • Who’s it from?
    • Addressed to whom?

EXAMPLE OF A NOT GREAT NOTICE

  • User name
  • Email
  • ENCRYPTED billing address
  • ENCRYPTED credit card info

Why??

Huh?

Better Communications

BEFORE 351 Words, 12th Grade

AFTER 224 Words, 8th Grade

Good Communications Strategies
  • Outside communications firms
  • Internal folks to train
  • Employee communications
  • Regulator communications
  • Media
Tips for Yom Kippur
  • Accept that you screwed up.
  • Express sincere remorse for your actions.
  • The other person may not be able to accept your apology.
  • Where possible take action to restore what was lost.
  • Reflect on what you’ve learned.

From Twin Cities Hub for Jewish Stuff

Choosing a Make-Good Product
  • Should you provide an identity theft service?
  • If no, what else could you do to help your customers?
  • If yes, what type of service would best fit your customers’ needs under the circumstances?
  • What should you look for and what should you avoid when choosing a service?
Communications Before & During Litigation
  • A contrite word may forestall litigation
  • Before litigation, don’t think like a litigator
  • If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action
  • If litigation is inevitable, vet all communications through the legal team
References & Resources
  • California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12), www.privacy.ca.gov/business
  • Consumer Federation of America, Shopping for ID Theft Services, at www.idtheftinfo.org
  • Plain language resources
    • www.plainlanguage.gov
    • www.transcend.net/library/tools.html
What to Do Next Week
  • Review “Shopping for ID Theft Services” and select product(s) for future use.
  • Review your breach notice templates. Share plain language resources with your communications people.