This “Data Breach Response – How To” article is part of our larger series by Heather Noonan.
I realized while writing our “How to” section that people often prefer bullet points or numbered lists. They want high-level basics. Just give me the main notes, not all the details. I realize I am the same way. I see an article on eating better and I want the specific foods I need in my diet. Broccoli, almonds and yes, blueberries. Got it! I’m not always in the mood to read a paragraph about why they are good for me. Just give me the quick, high-level basics.
So today, I’m giving you the basics. This “How to” is similar to our “How to Write a Data Breach Notification Letter”. You will find a consistent message in both.
- Explain in simple terms, using simple words, what happened.
- Keep your paragraphs and letter short and to the point. Most people don’t want to read 5 paragraphs on how your system’s security didn’t use hardware-based full disk encryption (FDE) with filesystem-level encryption.
- Advise that they weren’t alone; it wasn’t just their information.
- Provide a straightforward response on how this won’t happen again. Don’t say “we are working to improve security”. What does that mean? That could mean a hundred different things. You can be lengthier with this section, but make sure it makes sense to a normal person. Someone outside of IT.
- Provide resources. Provide phone numbers and addresses of who they can contact for more information and assistance. People need to feel cared for and need a reason to want to stay your customer or patient. This is probably one of the most important pieces. Give me a reason to stay your patient, otherwise I can take my business elsewhere.
- Provide credit resources if they do become a victim of identity theft.
- Apologize. I know you will see this a lot from me, but trust me, it goes a long way.
Senior Project Manager-Data Breach Response Team