Cyber-security continues to be a growing concern. Forty-seven states and the District of Columbia each have separate laws defining what a data security breach is. A data security breach, according to Inside Counsel Magazine, is the type of event that can trigger a company’s responsibility to notify affected consumers about a breach incident and the time period in which companies must send out a notification to those affected.
Congress is considering legislation (H.R. 1770) that would preempt state law by requiring companies to notify affected customers of the breach within 30 days of restoring the security and confidentiality of the data breached.
Thirty days seems like a long time to wait for a company to contact me about my data being accessed by someone whom I do not trust or my information being used for a purpose I did not intend.
Businesses today do not have the luxury of waiting 30 days let alone thirty minutes to notify its stakeholders of a breach in cyber security. CEOs along with the CMO, CIO and CLO must work to create effective and swift protocols to deal with data breaches to limit legal liability risk and risk to the company’s reputation.
Today, consumers understand the risk of giving out our information. We know we are vulnerable. However, we want those to whom we trust our information to, to take every precaution to keep our information safe. If it is stolen, misused or otherwise compromised here are the steps we would expect a company to take to limit any damage to the company's reputation:
- Be Aware – Set up a risk management plan and know about the issue before it becomes a problem.
- Be Active – Once you are aware of the issue start planning and preparing for an issue to become a problem.
- Be Responsive – Don't sit and wait for the issue to go away. Acknowledge the problem as a problem and find the best way to address it is to get out in front of it.
- Be Visible – From the moment the issue becomes public, the CEO needs to become the voice and face of the company acknowledge the issue, deal with it and help move forward.
We are at risk and we know it, but how a company’s reputation will depend on how the breach happened and how the company responded.