This “Data Breach Response – How To” article is part of our larger series by Heather Noonan.
When I first learned how to write a data breach notification letter, I was told to write it at a sixth grade level. To me, this didn’t make any sense. I went to college and I’ve been in the business and communication world for many years. We don’t write at the sixth grade level. We use fancy words and company jargon such as superfluous, betamaxed and scope creep.
Now, after also working in privacy and healthcare for many years, I finally understand. I get it. You need to write a letter that your grandmother, brother and neighbor down the street are all going to understand. You need to be cordial, accept responsibility and write the letter as if it was intended for your grandmother. Yes, I’m referring back to your grandmother again. Someone who has no idea what a data breach is and the mere mention of “identity theft” has her running to the bank to cancel all her credit cards. If you think it’s easy, history is littered with examples of bad data breach notification letters.
A couple simple tips and recommendations for all of us in the healthcare data breach world:
- Take responsibility and apologize. If you just lost your friends wallet and their personal information, wouldn’t you say you were sorry in some form or fashion?
- Be clear and unassuming. Most people today understand identity theft, but data breach is still a foreign word. Explain what happened, be transparent and honest. Otherwise, it is going to come back and bite you. And just like anything in life, you will have to remember who you said what to, and what really happened.
- Write at a sixth grade level, for everyone to understand.
- Explain their options without scaring them. Provide them a phone number and resources if they are concerned and want assistance.
- Remember that you are a large company and they are a single person, a person simply trying to protect themselves in this big scary world.
- Be leery of red flags. Send your letter to someone outside the company and ask how it reads to them. Does it scare them or do they feel some type of comfort?
- Explain how you are bettering the company and making sure this type of incident doesn’t happen again.
- Lastly,apologize again and mean it.