Prepare for a Data Breach: We’re All at Risk Now
6 questions you need answered to protect your business
April 2014
By Stephanie Miller
There are two kinds of companies today: those that have already had a data breach and those that don't know their data has been breached. It's a sad fact of our time that nearly every aspect of our society has been hacked, including education, business and government. The Venable law firm reports that 621 confirmed data breaches occurred in 2012 alone, and retailers represented 21.7 percent of network-based data breach incidents. Is your company ready? What will it cost for it to be ready? Can data breaches be prevented? These were just some of the key questions covered in a recent Direct Marketing Association (DMA) webinar on retailer readiness for data breaches.
Q1. What can retailers and other companies do to be prepared?
Every company can take a proactive approach to consumer data protection and security, starting with the checklist that's in our newly released 2014 Ethical Business Requirements for the industry, said Senny Boone, general counsel for DMA and the association's lead on compliance and ethical standards. Should you be in a situation where you're dealing with law enforcement, it's important to have a published privacy and security policy as well as documented internal processes and meaningful employee training. This isn't just for protection of your business, but for protection of consumers and the fragile trust that you hold with every customer and prospect.
Q2. Is the marketing department responsible for data breach readiness and data protection?
Marketers are at the epicenter of data breaches because of their closeness to the data and their commitment to advocate for the respectful treatment and care of consumers and data, Boone said. Thus marketers have the ability and opportunity to break down silos and be the lead on data security policies with other functions like legal, privacy, IT, colleagues in marketing (e.g., email, social and digital) and even HR people. For example, the DMA Guidelines now include guidance on "BYOD" or bring your own device. No longer just an HR issue, this impacts your employee training too.
Q3. How ready is "ready"? Is this a document you create and keep for a crisis?
Keeping yourself a moving target is good advice in life as well as data security, said Stuart Ingis, Esq., managing partner at Venable LLC. Readiness is about preparedness, but also keeping up with practices, processes and technologies. It requires listening to customers and adapting the readiness program to include new channels. Ingis advises that you plan ahead and identify a team before a breach occurs in order to lower costs of data breach response as well as minimize impact and processing time. Your plan should facilitate a prompt and coordinated response in order to be rapid, thorough and reasoned. You want to focus on notification for both internal teams and external parties (e.g., customers, partners, credit card companies, and, even if not required, regulatory agencies and law enforcement).