I recently posted about some companies making the decision to not announce when a data security breach has occurred, or at least they would think twice before announcing. According to a couple crisis communication experts, that delay in announcing could harm the business in more ways than just increasing the chance of legal liability.
In connection with the latest data breach involving Dairy Queen, Jon Austin, a crisis communications specialist, opined that remaining silent about a breach is the wrong approach. Austin said that a mishandled response to a data breach can have a corrosive effect on the relationship with customers.
Even if the data breach incident is not fatal, the message you want to send as a business to your customers is that you will protect them. Afterall, the customers trusted the business with their information and honored the business with his/her patronage, so the business should step up and make sure the customer is taken care of. Jim Lukaszewski, a crisis consultant, and frequent guest blogger here, said a data breach incident is an opportunity to strengthen relationships with customers.
Given the fallout that can occur from a data breach incident, companies should have a prepared plan for a data breach. A written information security plan will help maintain order when the disorder of a data breach occurs. Companies should also train their employees on data security and periodically run through a data breach response drill so that the business is prepared in the event an incident occurs.