The advent of big data and consequently, the task of collecting and analyzing it, can reap many benefits for organizations looking for deeper insight. We create 2.5 quintillion bytes of data daily1 in all aspects of everyday life. Organizations can use this data to increase productivity, provide more value to customers, or patients and make better decisions.
But along with the rewards, comes risk. Big data can result in a big data breach. And, a big data breach can mean the loss of customers, patients and your overall reputation. In fact, 75 percent of the respondents in a new Ponemon Institute study say they had, or expect to have, a big data breach that results in negative public opinion. The study, “Is Your Company Ready for a Big Data Breach,” was sponsored by Experian®Data Breach Resolution.
Negative publicity and the loss of customers were two of the top concerns of respondents in the study, which was designed to determine how prepared organizations are to respond to a big data breach. The study defines a big breach as one involving more than 1,000 records containing sensitive or confidential information. The study also looks at ways organizations can reduce the negative consequences of a material breach.
Here are three tips to help your organization save customers or patients – along with your hard-earned reputation – following a big data breach.
1. Communication is vital
Although most of the respondents in the study have an incident response team, only 21 percent have an internal communications team trained to notify victims, regulators and the media. With large breaches, it’s often necessary to hire a breach resolution provider to assist with the notification and large volume of calls that usually follows. Still organizations need to have a trained internal team to work with the resolution provider and with regulators, the press and their own customers after the breach response process is complete.
2. Contact every victim
Organizations need to improve communications and reach out to all victims, according to the study. Only 11 percent of the respondents check to see if every victim was contacted about the breach. The study also found that only 10 percent of the organizations have a process for receiving feedback from the victims
It would be wise for organizations to establish a process in which victims could provide feedback on how they were notified of the breach, if the notification was written clearly, and if their questions were answered when they called to get more information.
3. Strive for accuracy
Only 23 percent of the respondents in the survey could determine the potential or actual harm to their data breach victims. In order to become more accurate, organizations should establish processes to help them determine who was affected by the breach so they can avoid over-reporting or under-reporting the incident. It also might be helpful to restrict or limit disclosure of the incident until the analysis and investigation are complete.
The bottom line is that a large material data breach is never going to be a pleasant experience. But if you communicate clearly, honestly and promptly with everyone involved, your efforts will go a long way toward retaining customers and salvaging your public image.
1 “Understanding Big Data,” IBM, 2012.
The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality
information but make no claims, promises or guarantees about the accuracy, completeness or
adequacy of the information contained.