02.13.2013 | Melissa Cafiero
At the end of January, I attended the PRSA Puget Sound’s event focused on security and privacy, “The Corporate Reputation Drivers of the Digital Age.” Panelists included Aaron Weller, managing director, Data Protection & Privacy Practice at PwC; Christopher Budd, principal and founder of Christopher Budd Communications; and Leigh Nakanishi, Edelman, Data Security and Privacy Group.
Weller, Budd and Nakanishi set the stage by discussing the importance of security and privacy to organizations, which is due to a number of factors, including:
- A changing landscape and increased awareness: Rarely a day goes by that you don’t see news about a data breach, successful hacking or another related issue. Reporters are paying attention to the news and ensuring consumers are informed.
- Increasing use of technology: Nearly every organization or business is at risk. At some point, it’s likely that a data breach or data loss incident will occur.
- Heightened media scrutiny and attention: Not only are media outlets paying attention to incidents, but they’re also analyzing communication, responses and other details. How is a company informing affected customers about an issue? How much detail are they providing? And how long does it take them to react? These are only a few of the questions that reporters look to answer.
- Rise of social media: With social media, the potential audience witnessing your organization’s incident and response is global. Affected customers can easily and quickly publicize details. Unfortunately with social media, rumors can also become fact. Even if your organization didn’t experience a data breach, for example, the mere claim being shared on social networking sites like Twitter can escalate quickly and cause damage to your brand’s reputation because of the perceptions being formed.
The best thing you can do for your organization is to have a plan in place before an incident ever happens. That plan should include the name and contact information of the person in charge of managing the issue. You should also determine ownership on different activities, communication channels and a holding statement to provide to media should an issue occur and an investigation not yet be completed. It’s also helpful to understand who your technical contacts will be during an incident – that is, the person or people you can get information from during an incident investigation. Securing executive approval of your plan before an issue happens will also allow you to work more efficiently.
What other tips would you offer to prepare for the worst case scenario?
Tags: Aaron Weller, Christopher Budd, Christopher Budd Communications, corporate reputation, Corporate Reputation Drivers of the Digital Age, corporate security, Data Protection & Privacy Practice at PwC, Edelmand, Leigh Nakanishi, privacy, PRSA Puget Sound, security