Data Breach

"Despite negative repercussions in terms of cost outlay and reputation diminshment, many companies that experience a breach do not take appropriate steps to prevent future incidents," Larry Ponemon

As technology capability increases so does the chance of data breaches. In the past three days I have personally received two notifications that a potential data breach has occurred with my personal data. One instance from my employer and one from Walgreens, both are very large companies with high tech IT departments. The article Data Breach Remendation Lags, from the Communications News, 00103632, Jul 2007, Vol. 44, Issue 7 discussed that breaches happen to many companies, while most breaches can be prevented with an encryption device for workstations and PDAs, it is the way the companies respond to the breaches that is surprising.

In a survey by the Ponemon Institute Institute they found that a data breach can cost the organization money in loss of customers, legal fees, fines and even a decline in stock values. About half of the breaches came from stolen equipment while the other half came from employee negligence. Even though organizations have experienced data breaches, 46% failed to implement encryption technology and 42% stated their IT security budget will remain the same in the upcoming year. Encryption is on the rise in many organizations. My company has recently instituted a new encryption device, although a data breach has been expected the occurrence of the issue is rare.

Many states are adding regulations to inform customer or employees if a data breach has occurred but is that enough? Communications Plans are critical to informing customers of a compromise.

Not only is it the responsibility of the organization to protect customer data but it is also their responsibility to have a plan in place to handle data breaches prior to a suspected compromise. Art Samansky and Eric Samansky of The Samansky Group states, "Speedy, full and accurate disclosure greatly outweighs waiting for a possible intrusion to be discovered outside the organization." The communication plan should include the appropriate actions the customers need to take.

In today's age of technology and the risk it includes, all organizations should have to follow federal, state, as well as, individual regulations to protect our personal data.

Reference

Communications News, 00203632, Jul2007, Vol 44, Issue 7, (p6) Data Breach Remediation Lags. Retrieved from EBSCOhost. Potential for Customer Data Breach Requires a Communications Plan Review. By: Samansky, Art, Samansky, Eric, Public Relations Quarterly, 003337000, Summer2005, Vol 50, Issue 2. Retrieved from EBSCOhost.