In today’s data driven world, most security experts agree that when it comes to data breaches, most businesses need to recognize it’s not a matter of what to do “if “ they experience a breach but what to do WHEN they experience a breach. After an incident is first discovered, in addition to implementing a data breach response plan, there are a myriad of legal and regulatory obligations for businesses to fulfill.
Currently 46 states have different data breach notification laws and federally, there’s an abundance of industry specific breach notice statutes so it’s imperative to work with data breach specialists who are knowledgeable about these assorted regulations.
Many companies generally turn to attorneys for regulatory and legal advice but it’s also important to work with breach professionals who can also provide guidance on how to communicate an honest and thorough message to customers that will relieve their fears about identity theft to prevent customer drop-off. Therefore, depending on the size and nature of the breach, there may be a need to set up a customer service hotline to answer customer’s questions and address their concerns. If appropriate and affordable, a business may also want to consider engaging the services of a vendor that can offer identity recovery services, credit monitoring or identity theft insurance to their customers to aid in customer retention and reputation management. Even if a business can only offer subsidized fraud protection services, it strategically can be more affordable to retain customers than acquire new ones.
The bottom line is addressing the loss of business data is stressful enough for a company without having to juggle various vendors to handle the numerous responsibilities attached to a breach. There is so much to think about and do that ultimately, it may be more cost-effective for businesses to consider a provider that offers comprehensive data breach services from incident response to resolution to customer and regulator follow-up. A la carte services from different providers may at first seem less expensive but when a data breach actually occurs and a company’s reputation and data is at risk, in the long run it may just be more prudent due to peace of mind to know that you can turn to one company that specializes in breach resolution.