Prepare for a Data Breach: We’re All at Risk Now
Q4. What if a data breach does happen?
When a data breach happens, a lot will be going on at once — in addition to your daily activities. Your data breach response timeline will need to be a multifaceted approach because response includes many moving parts that all need to happen at once. These range from call-center training to PR to law enforcement cooperation to research on relevant elements. You can't start with nothing, you have to have a plan or blueprint to figure out how to proceed, said Milo Cividanes, Esq., partner, Venable LLP.
The first 72 hours post-breach are critical to your business. You need to quickly pull together your team, get the plan out and contact your insurance company to trigger coverage if appropriate. You also need to respond to the situation, which could have other legal obligations and can vary by state.
Breach notification is regulated. Nearly all (47) states have breach notification laws, each with their own requirements. The rules will apply not just to the business location, but to the location of the people and/or data affected. Be sure that you have your requirements up to date. The laws generally require notification if a name is combined with personally identifiable information such as an email address, social security number, credit card number, etc.
We advise everyone to assess now where they stand in regards to data security, and also to stage a mock situation that will test their ability to react quickly and responsibly, Ingis said. It's better to make that investment up front and be ready if something happens.
Q5. How much does a data breach cost?
The financial cost of a data breach in 2012 was estimated at $5.4 million, Venable reported. Furthermore, that doesn't necessarily include the costs to recover brand reputation and consumer good will, as well as regulatory investigations even if there's not litigation.
Q6. Are consumers
The DMA hasn't yet seen a massive consumer hue and cry over data breaches, Boone said. The association accepts tens of thousands of consumer complaints per year about marketing practices, most of which are around choices offered via our consumer services like DMAChoice.org (opt out for direct mail) and AboutAds.info (opt out for behavioral advertising). Consumers do have anxiety and unease about marketing promises due to the recent compromising situations, so every marketer must be transparent and visible in practices around the collection and use of data.
Stephanie Miller is the senior vice president of member communications and engagement at the Direct Marketing Association (DMA), the world's largest trade association dedicated to advancing and protecting responsible data-driven marketing. Stephanie can be reached at email@example.com.