How an organization communicates in the wake of a major breach incident can play an important role in maintaining the organization's reputation and minimizing the financial impact.
But how can your organization avoid mismanaging post-breach communication and potentially wasting millions of dollars?
Join us for this webinar, featuring an attorney who advises clients on breach resolution and other security matters, who will:
Discuss how to prepare a breach response plan, including a communication strategy;
Review the do's and don't's of post-breach communication, outlining best practices;
Offer insights on when to hire and how to select a breach resolution or public relations firm.
Making the quick communication decisions needed to mitigate the potential harm of a data breach is challenging. Too many organizations in all business sectors mismanage data breach response efforts, making decisions without complete knowledge and lacking a clear and forthright message.
Recent breach responses provide examples of the how confusing, inconsistent post-breach communication can do more harm than good. Examples include: Sony's announcement that it had initially underestimated the number of consumers affected by a breach; Hannaford's use of a single notice letter to 4.2 million consumers even though only 1,800 individuals had fraudulent charges; and the inconsistencies between the information released by Global Payments about its breach and the updates on the incident provided by VISA.
The failure to prepare proactively for a data breach can magnify the damage caused by the incident. A poorly handled breach can result in negative press, lost revenue, expensive mitigation costs and time-consuming and distracting litigation.
Carefully planned communication in the wake of a major breach incident can play a major role in maintaining the organization's reputation and minimizing the financial impact of a breach. Good communication also can help mitigate or prevent unnecessary litigation or government investigations.
In this webinar, our speaker, a legal expert who has advised organizations that have experience breaches, will review the essential components of a successful post-breach communication strategy, including:
Preparing proactively for data breaches by conducting compliance and security assessments, designating an internal breach response team, establishing relationships with key vendors and developing breach response communication plans;
Testing a breach response plan, including the communications component;
Providing accurate and timely notice communications by quickly and efficiently collecting the facts to understand the breach, developing methods to identify all relevant audiences, crafting the right message and identifying the best means of communication;
Determining when to hire a breach resolution or public relations firm to help with post-breach communications;
Planning how to inform appropriate regulators, such as state attorneys general, before issuing a breach notice.
Attendees also will learn about how to avoid mistakes, including:
Providing inaccurate or confusing notice communications, including communications that provide a limited, legalistic or formulaic response;
Failing to develop proper remediation and mitigation processes and using a process that frustrates consumers;
Ignoring certain audiences that should be contracted regarding a data breach.
Ron Raether leads the Cybersecurity, Information Governance and Privacy practice and is a partner in the Consumer Financial Services practice group at Troutman Pepper. Ron is known as the interpreter between businesses and information technology, and has assisted companies in navigating federal and state privacy laws for over twenty years. Ron's understanding of technology led him to be involved in legal issues that cross normal law firm boundaries, including experience with data security, data privacy, patent, antitrust, and licensing and contracts. This experience allows Ron to bring a fresh and creative perspective to data compliance issues with the knowledge and historical perspective of an industry veteran.
Ron's involvement in seminal data compliance and data use cases has helped define current standards in several areas of the law. He assisted one of the first companies required to provide notice of a data breach and has since successfully defended companies in hundreds of class actions and regulatory investigations. Ron represents clients in a broad range of technology and data privacy matters including data aggregation and analytics, mobile applications, de-identification/anonymization, including correlating data from multiple connected devices, "connected-things (IoT)," electronic crash- and consumer-reporting systems, and payment technologies. Ron also advises on pre- and post-incident compliance concerns ranging from the development of incident response plans and workflows, guiding clients through immediate forensic investigations, coordinating initial crisis management, which includes navigating clients through the maze of state and federal notification requirements, addressing post-incident aftermath, and responding to regulatory inquiries. Balancing privacy, cyber security and business functionality, Ron's approach to data governance is uniquely designed with the industry in mind as it adapts to the ever-evolving technological and legal landscape.