Data Breach Response

The old adage that an ounce of prevention is worth a pound of cure has never been truer than in the context of data breach preparedness and response. As general agreement settles in to the fact that data breaches are essentially an inevitability for any firm with substantial data holdings-some 43 percent of companies suffered a breach in 2013 alone-the onus is on CPOs and privacy leads to studiously plan for the day when breach response is needed.

Along the way, your organization will be better prepared to prevent a breach from happening in the first place.

While there are a number of data breach guides out there, here at the IAPP we have chosen to focus on the many relationships and stakeholders involved in breach preparedness and response. Responding to a breach correctly involves a suite of people both inside and outside your organization. Understanding the best way to most efficiently utilize those people goes a long way toward ensuring that your response manages costs, manages business impact and puts the breach behind your organization as quickly as possible.

"Responding to a data breach is a lot like fighting a fire," notes Gerard Stegmaier, CIPP/US, a partner with Goodwin Procter. "Once the alarm goes off, it pays to have a plan and to work immediately to address the safety of anyone in the building, contain the fire and preserve the scene for the investigators. Safety comes first, then investigation and remediation. Keeping calm, being methodical and ensuring access to the right resources for management always ensures better outcomes."

Seems like an obvious truism, but, "Incident response preparedness is all over the map," notes Co3 Systems' Tim Armstrong. "Some organizations are well-prepared. But more often we find that even Fortune-500 companies that have spent millions of dollars on preventive and detective controls have significant shortcomings handling day-to-day security and privacy events, not to mention a major breach."

Oftentimes, that's because the organization hasn't taken the time and effort to develop the relationships inside and outside the building necessary for rapid and coordinated response.

In the following document, we offer up a way of getting the necessary relationships in place and then outline how best to leverage those relationships once the breach has occurred.

Part I: BREACH PREPAREDNESS: Setting up your incident response team and laying the groundwork for proper vendor management

Part II: LEGAL SERVICES: Your breach coach and beyond

Part III: IT SERVICES: Forensics is more than just figuring out what happened

Part IV: PR SERVICES: Making sure you craft the proper message for the intended recipients-including regulators

Part V: CONSUMER SERVICES: How to make things right, retain your customers and come out the other side relatively unscathed