IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.
Post on 14-Dec-2015
Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection
Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams
Susan Grant, Director of Consumer Protection, Consumer Federation of America
Session Outline
• Cost of a Data Breach
• Bad Communications
• Better Communications
• Making Amends
• Communications & Litigation
Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication
SecurID Company Suffers a Breach of Data Security
Sony Data Breach Exposes Users to Years of Identity-Theft Risk
Congress Probes TRICARE Breach: Bipartisan Effort to Learn More About Massive Incident
Lost Trust = Lost Customers
Some industries suffer more than others.
Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach
Notification Timing Issues
• Not too soon, not too late.
• Consider delivery date.
• Avoid multiple flights of notices.
Notice Issues
• A legal notice? A communications piece? A marketing tool?
• Tone
  – What NOT to say
  – Who’s it from?
  – Addressed to whom?
• User name
• Email
• ENCRYPTED billing address
• ENCRYPTED credit card info
Why??
Huh?
EXAMPLE OF A NOT GREAT NOTICE
Good Communications Strategies
• Outside communications firms
• Internal folks to train
• Employee communications
• Regulator communications
• Media
Tips for Yom Kippur
• Accept that you screwed up.
• Express sincere remorse for your actions.
• The other person may not be able to accept your apology.
• Where possible take action to restore what was lost.
• Reflect on what you’ve learned.

From Twin Cities Hub for Jewish Stuff
Choosing a Make-Good Product
• Should you provide an identity theft service?
• If no, what else could you do to help your customers?
• If yes, what type of service would best fit your customers’ needs under the circumstances?
• What should you look for and what should you avoid when choosing a service?
Communications Before & During Litigation
• A contrite word may forestall litigation
• Before litigation, don’t think like a litigator
• If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action
• If litigation is inevitable, vet all communications through the legal team
References & Resources
• California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12), www.privacy.ca.gov/business
• Consumer Federation of America, Shopping for ID Theft Services, at www.idtheftinfo.org
• Plain language resources
  – www.plainlanguage.gov
  – www.transcend.net/library/tools.html