This topic has made news consistently for the past year, with coverage ranging from the high level of fines which can be levied by the regulator to the reputational damage data breaches can cause if mishandled. As a firm, we have been active both in helping to manage the impact of breaches when they happen and in helping our clients prepare for what should really be seen as a business-as-usual risk rather than a crisis.
Whilst the headlines are often driven by breaches at high street and consumer-facing household names, we believe a broader view of ‘breach’ is required. Breaches should be seen as the result of information leaving an organisation in an unplanned manner. 90% of breaches are driven by human error, and the information leaked by whistle-blowers, by disgruntled former employees or from internal and external reviews is often much more damaging.
Effective management of these situations will require a balance of rigorous process (gathering information, understanding what is known and not known, achieving alignment within the organisation) and an intuitive sense of what is the right thing to say publicly. A team of specialists, including legal, communications and forensics, is required to work alongside internal teams. The balance between accepting publicly what damage and upset has been caused and managing the need to get to the bottom of the situation requires careful assessment. There is no template for the right response, but our experience suggests that rapid deployment, pre-agreed response procedures and a close working relationship between all elements of the organisation are most likely to ensure that the issue is perceived as a risk which all businesses face today, rather than as mismanagement of sensitive personal data.
For information on DRD’s work in this sector, please click here.