On Wednesday, as I was getting ready for work, a news story flashed across my TV screen, “Barnes and Noble Bookstores reports breach of U.S. customer credit card data.” And there you have it, another potentially large security breach in the news. You often hear only about the large security breaches that impact brand names; what you often don’t hear about are the smaller, still possibly incredibly harmful breaches that occur almost every day. Check out SC Magazine’s Data Breach Blog and you’ll see some examples for yourself.
Unfortunately, data breaches are a fact of life in today’s technology-driven world. How a company responds to them is a new and evolving process. Every state has regulations regarding what constitutes a security breach, how companies need to notify their customers of a breach, how quickly, and whether any additional support has to be provided to the customer (for example, offering ID monitoring services). While the rules for speed of response are evolving, the best method of response is clearly identified as a written notification to your customers. You should print and mail a letter notifying your customers that a data breach has occurred and explaining what steps are being taken to correct the problem, protect the customer’s data and prevent unlawful use of customer information.
It was reported in the 2012 Ponemon Institute Cost of Data Breach Study that in 2011 the cost of a security breach fell for the first time in seven years. The decrease in cost was partly attributed to companies stepping up their notification and response processes to their customers. Notifying your customers quickly is key. People want to know what steps are being taken to resolve the issue and prevent it from happening again in the future.
It’s important not only to have a critical communications recovery plan in place for your critical daily print and mail requirements, but also to have a partner who can quickly and efficiently execute a Security Breach Notification letter. Choosing the right vendor is extremely important. You want someone with the security qualifications in place to ensure a second breach does not occur. PCI compliance, HIPAA or GLB security standards are a necessity. Much like a written disaster recovery plan, take time to detail the requirements of such a mailing so that your vendor can act immediately upon your direction. Plan for your potential data needs, have base letter content approved by legal so you can fill in the details later, and most importantly partner with someone who can print for you at a moment’s notice.
Let’s face it, data breaches are part of doing business these days. Make sure your company is prepared to respond. Contact us at Mail-Gard® if you would like to discuss how to prepare for a data security breach.