How to clear a data leak
The internet age has made the exchange and sharing of information a whole lot easier.This rapid exchange of information and data however quite often exposes systems and organisations to breaches which can have very serious consequences. Below are some tips you can use to get to grips with the problem as quickly as possible and avoid irreparable reputation meltdown.
Have a plan – Don’t wait until you have already suffered a significant data breach to start working out how you are going to respond.You need to identify the response teams,understand where the impact will be felt and have advisers lined up to help.
Get the measure of it – An important priority is to understand whats happened and the extent of the data loss. A data security breach can happen for a number of reasons.These include loss or theft of data,hackers and unauthorised use or equipment failure.
Keep the fingerprints – Ideally,a victim organisation will immediately make a forensic image of the affected computers,which will preserve a record of the system at the time of the incident for later analysis and potentially for use as evidence at trial.
Come clean – The big question is who you tell and how quickly.Remember its much better if your customers find out from you rather than from the media.
Notify or not – You are not obliged in most sectors to notify the ICO of a data breach,but it depends on the scale and sensitivity of the data and whether its encrypted.It may be best to err on the side of caution.The ICO is more likely to clobber you with a hefty financial penalty if they think you are trying to cover it up.
Reassure – Giving customers a sense of control following a breach is vital.That means providing them with simple,easy to use tools and support they can use to defend against misuse of their personal data.This can involve credit monitoring and identifying theft protection services to dedicated helplines.
Communicate what you are doing – Say sorry,but move on quickly to talking about the solution. DO SAY:We would like to apologise to our customers for the loss of data but reassure them that every effort is being taken to protect their privacy.