Prepare for a Data Breach: We’re All at Risk Now

6 questions you need answered to protect your business

There are two kinds of companies today: those that have already had a data breach and those who don’t know their data has been breached. It’s a sad fact of our time that nearly every aspect of our society has been hacked, including education, business and government. The Venable law firm reports that 621 confirmed data breaches occurred in 2012 alone, and retailers represented 21.7 percent of network-based data breach incidents.
 Is your company ready? What will it cost for it to be ready? Can data breaches be prevented? These were just some of the key questions covered in a recent Direct Marketing Association (DMA) webinar on retailer readiness for data breaches.

Q1. What can retailers 
and other companies 
do to be prepared?

Every company can take a proactive approach to consumer data protection and security, starting with the checklist that’s in our newly released 2014 Ethical Business Requirements for the industry, said Senny Boone, general counsel for DMA and the association’s lead on compliance and ethical standards. Should you be in a situation where you’re dealing with law enforcement, it’s important to have a published privacy and security policy as well as documented internal processes and meaningful employee training. This isn’t just for protection of your business, but for protection of consumers and the fragile trust that you hold with every customer and prospect.

Q2. Is the marketing 
department responsible for data breach 
readiness and data 

Marketers are at the epicenter of data breaches because of their closeness to the data and their commitment to advocate for the respectful treatment and care of consumers and data, Boone said. Thus marketers have the ability and opportunity to break down silos and be the lead on data security policies with other functions like legal, privacy, IT, colleagues in marketing (e.g., email, social and digital) and even HR people. For example, the DMA Guidelines now include guidance on “BYOD” or bring your own device. No longer just an HR issue, this impacts your employee training too.

Q3. How ready is “ready”? 
Is this a document you create and keep for 
a crisis?

Keeping yourself a moving target is good advice in life as well as data security, said Stuart Ingis, Esq., managing partner at Venable LLC. Readiness is about preparedness, but also keeping up with practices, processes and technologies. It requires listening to customers and adapting the readiness program to include new channels. Ingis advises that you plan ahead and identify a team before a breach occurs in order to lower costs of data breach response as well as minimize impact and processing time. Your plan should facilitate a prompt and coordinated response in order to be rapid, thorough and reasoned. You want to focus on notification for both internal teams and external parties (e.g., customers, partners, credit card companies, and, even if not required, regulatory agencies and law enforcement).

Stephanie Miller leads the IMM/integrated marketing management practice for brand and marketing technology strategy firm TopRight ( She is a relentless customer advocate and a champion for marketers creating memorable customer experiences. A digital marketing and CRM expert, she helps sophisticated marketers balance the right mix of people, process and technology to optimize a data-driven content marketing strategy. She speaks and writes regularly and leads several industrywide initiatives. Feedback and column ideas are most welcome at or @stephanieSAM.
Related Content