PLAN AHEAD

Incorporate privacy and security from start to finish.

Thinking about the data you will collect and store while you design your product or service is only one part of “baking in” privacy. You also need processes in place to address issues that might arise in the future. Save time, money, and even your reputation by maintaining privacy and security practices that are holistic, regularly re-evaluated, and prepared for potential data security issues and legal demands.

PROTECT YOUR USERS BY NOTIFYING THEM AS QUICKLY AS POSSIBLE.

Notifying users in the event of a data breach is required by law in most of the United States. Failing to follow these laws can result in expensive lawsuits. In addition, keeping a breach hidden could result in even more outrage from users and the press. Instead, promptly and thoroughly notify your users to help them prevent identity theft and other harms and to start to repair your relationship with them.

Case Study

Uber Hit with Lawsuit for Delayed Notice of Breach

App-based car service Uber was hit with a class action lawsuit after accidentally posting the personal information of about 50,000 drivers and waiting nearly five months to disclose the incident. When Uber did not offer an explanation for the delay, it faced flak for its “unsavory and unprincipled” practices. Moreover, Uber was sued for allegedly violating California law, which requires companies to notify those affected “without unreasonable delay.”

Case Study

Sony Slammed for “Half-Baked Response” to Security Breach

Sony “will have a long road ahead to win back the trust of gamers” after a security breach that shut down its PlayStation Network in spring 2011 turned into a major privacy fiasco. The company waited five days before revealing that user data, including passwords, had been compromised and then disclosed weeks later that at least some credit card information had been lost in the incident as well. In the aftermath of the breach, Sony was sued for failing to secure its data and also excoriated by Congress, with Rep. Bono Mack (R-CA) describing its behavior as a “half-hearted, half-baked response [that] is not going to fly in the future.”

TAKE STEPS TO PREVENT FURTHER HARM.

If you suffer a breach, maintaining your customers’ good will requires that you do everything in your power to protect them from further harm. Contact law enforcement officials, banks, credit payment processors, and credit agencies to try to head off fraud and other harm. Taking steps such as offering free credit monitoring to any user whose data was exposed can mitigate the damage both to your users and to your reputation. By being forthright about the problem and offering clear guidance and assistance to your users about how they can protect and monitor their own privacy, you will reassure them that you take your business responsibilities—and their privacy—seriously.

Businesses fail to offer mitigation services such as credit monitoring 29% of the time in cases where it would be helpful. - California Attorney General's 2014 Data Breach Report
