If a breach is inevitable, then plan for one

These days, the only thing worse than actually having a data breach may be lacking a plan to deal with such an incident.

And, given the studies and stats I regularly read, it seems inevitable a data breach will occur at any given company, so the message is this: You better be ready.

I attended a portion of last week's IAPP Practical Privacy Series event in New York. This message of the need for readiness rang loud and clear during a session titled "Privacy Breach Simulation" in which four panelists pretended to deal with the issue of a stolen employee laptop containing the names and Social Security numbers of hundreds of clients.

The panel mentions the critical need for a data-loss prevention program.

"One of the essential themes is planning ahead," says Alan Charles Raul, an attorney with Sidley Austin who helps corporations grapple with data breaches.

Meanwhile, Karen Doyne, a crisis manager, said companies should have designated crisis response teams in place. Each member should know exactly what their obligation is the minute the breach is discovered. Responding quickly and providing the proper public message is key, especially considering today's online-intensive world in which a breaking story is just a blog away from becoming front-page news.

"Some have said the first 48 hours (after a breach) are the most critical," she said. "These days, the first 48 minutes are the most critical."

Are you ready?

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.