IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.


1 IAPP Global Privacy Summit, 3/8/12

2 Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection; Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams; Susan Grant, Director of Consumer Protection, Consumer Federation of America

3 Session Outline: Cost of a Data Breach; Bad Communications; Better Communications; Making Amends; Communications & Litigation

4 Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication; SecurID Company Suffers a Breach of Data Security; Sony Data Breach Exposes Users to Years of Identity-Theft Risk; Congress Probes TRICARE Breach; Bipartisan Effort to Learn More About Massive Incident

5 Breach Cost by Activity. Source: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

6 Lost Trust = Lost Customers. Some industries suffer more than others. Source: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

7 Breach Impact on Reputation. Source: Ponemon, Reputation Impact of a Data Breach, November 2011


9 Notification Timing Issues: Not too soon, not too late. Consider delivery date. Avoid multiple flights of notices.

10 Notice Issues: A legal notice? A communications piece? A marketing tool? Tone – What NOT to say – Who’s it from? – Addressed to whom?

11 EXAMPLE OF A NOT GREAT NOTICE: User name; ENCRYPTED billing address; ENCRYPTED credit card info; Why?? Huh?


13 BEFORE: 351 Words, 12th Grade. AFTER: 224 Words, 8th Grade.


17 Good Communications Strategies: Outside communications firms; Internal folks to train; Employee communications; Regulator communications; Media

18 Making amends

19 Tips for Yom Kippur: Accept that you screwed up. Express sincere remorse for your actions. The other person may not be able to accept your apology. Where possible take action to restore what was lost. Reflect on what you’ve learned. (From Twin Cities Hub for Jewish Stuff)

20 Choosing a Make-Good Product: Should you provide an identity theft service? If no, what else could you do to help your customers? If yes, what type of service would best fit your customers’ needs under the circumstances? What should you look for and what should you avoid when choosing a service?


22 Communications Before & During Litigation: A contrite word may forestall litigation. Before litigation, don’t think like a litigator. If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action. If litigation is inevitable, vet all communications through the legal team.

23 References & Resources: California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12), Consumer Federation of America, Shopping for ID Theft Services, at Plain language resources – –

24 What to Do Next Week: Review “Shopping for ID Theft Services” and select product(s) for future use. Review your breach notice templates. Share plain language resources with your communications people.

