 RSS: http://linkingintegrity.blogspot.com/atom.xml



Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

After a privacy breach, how should you break the news?, 6.7.05


Based on a recent study conducted by Ponemon Institute, we can provide some insight on what customers' expectations are when they receive notification. Here are key issues companies should consider in order to maintain the trust and confidence of their customers or employees in the event of a data security breach.

Timeliness is important. Notify the victims as quickly as possible. A few days of delay can cause a significant drop in confidence in your organization.

Talk to your customers, employees and contractors. Individuals were much more likely to view communication as truthful when a company representative contacted them by telephone. Written communication was viewed with a higher degree of skepticism and concern.

Document the issue. Individuals want to know as much as possible about the incident. While companies may be unable to share all the details about a breach at the time of notification, it is important to provide enough information so that an individual can take appropriate action.

Don't sugarcoat the message. A spoonful of sugar won't make the bad news go down easily. People expect the notice to be truthful, clear and concise.

Provide support. People expect the organization to help them with problems created by the breach. Specifically, companies should have trained personnel to help if a data breach ultimately results in identity theft or other related crimes.

Show me the money. Consumers expect to receive financial compensation in the event that they experience monetary or productivity losses as a result of the company's breach.

Personalization creates trust. Make sure the notification has accurate information about how the breach may affect the customer. Above all, don't misspell a customer's name or have an incorrect address on a notification.

Adjust the message to fit the severity of the breach. Not all breaches are the same. Make sure your notification communicates the necessary actions that are relevant to the type of breach that occurs. Again, make sure individuals have help in resolving any problems created by the breach.

It is also important to notify all potential victims. Some companies have made the mistake of not informing customers in states without a notification law. The media, government agencies and lawmakers will not view such practices favorably.

For more information, please contact research@ponemon.org. Larry Ponemon is chairman of Ponemon Institute, a think tank dedicated to ethical information management practices and research. He is an adjunct professor of ethics and privacy at Carnegie Mellon University's CIO Institute and is a CyLab faculty member. Ponemon can be reached at larry@ponemon.org.





Integrity Incorporated


"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: 'smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.' Compromise need not mean cowardice. ..."

John Fitzgerald Kennedy, "Profiles in Courage"

