Data breaches have become more commonplace and serious over recent years, but companies still may not be aware of what they need to do if their customers’ data is breached. It is vital that your business is aware that an attack is not only possible but, nowadays, probable. If or when an attack happens, you need to have a clear plan in place to handle both the breach itself and the reputational and customer service backlash that will likely follow.
What should you do internally?
Understand what has happened and if you need to inform the ICO
Knowing what constitutes a reportable data breach, and what details the ICO (Information Commissioner’s Office) needs your business to submit when a data breach has been lodged, will help you create a suitable disaster assessment plan. When reporting a data breach to the ICO, your business will have to provide:
“1) A description of the nature of the personal data breach including where possible:
· The categories and approximate number of individuals concerned and
· The categories and approximate number of personal data records concerned
2) The name and contact details of the data protection officer (if your business has one) or another point of contact where information can be gathered
3) A description of the likely consequences of the personal data breach and
4) A description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any potential adverse effects.”
When you have all of this information ready to submit to the ICO, you will need to start working on carrying out the measures set out to deal with the breach.
Investigate and audit
A vital part of the recovery process is to complete an extensive IT security audit and use the services of a security specialist who can independently assess what happened and what you can do to prevent such an attack from occurring again.
What can you do externally?
Share your plan
The first thing you should do is let the public and your customers know about the breach, and ensure they are kept informed of any and all developments. How you handle a breach with customers is extremely important. A poor example of this is the company FatFace.
It experienced serious backlash on social media after asking customers to keep news of the hack they suffered “strictly confidential” in an attempt to protect its brand reputation. If you think your data was part of this attack, you could claim FatFace data breach compensation now.
Be open to conversation
Customers will be upset; they have a right to be. People trust companies with some of their most personal and sensitive information. When this data gets breached, they need someone with whom they can talk through their frustration. They need to know that you’re listening and taking their feedback on board. You can do this by opening up a dedicated customer service line, exclusively for answering questions and taking complaints about the breach.