Privacy Ref Blog

Is your organization prepared for a data breach?

Most companies have a crisis communication plan stashed somewhere. Whether it’s policies and procedures reviewed monthly or updated on a yearly basis, companies must prepare for worst-case scenarios. But has your company prepared for a data breach, when your customers’ private and financial information is compromised and/or stolen?

In our last PR Prep column, we outlined

Dianna Fletcher is the Founder and President of Fletcher Media, experts in assisting organizations in working with the media during crisis situations.


But what’s the first step when the potential becomes a grim reality and your company is hit by a data breach?

Assemble an A-Team

If calls haven’t already been made, put together the best of the best.

– Legal experts

– IT forensic investigators

– A spokesperson

– A PR company

– Liaison with investigators

Work with Investigators

At this point, you may or may not know the source of the compromise. Is it internal? External? Be transparent. Be honest. Talk with investigators. Along with the legal team, the investigators will let you know when you can go public. Important: if you can include the investigators (a quote or point of reference) as part of any media statement, this will help rebuild credibility with your audience and stakeholders.

Plan Media Messaging

Take a cue from the investigators. As is often the case with data breaches, the depth and breadth are not immediately known. You can’t comment on an incident that is in the early investigatory phase. Consider your end goal: the impact to your company and its customers. Plan your messages from that end goal.

Craft a Press Release

A press release or prepared statement can be a strong way to communicate your message. Craft a message that 1) is based only on the facts you can reveal that will not hinder the investigation and 2) shows compassion for your audience and customers.

If you don’t feel comfortable putting someone from your company in front of a reporter, fearing they can’t stay on message, don’t do it! Stick with your initial press release or prepared statement.

Prepare your Employees

As you craft your message, you need to share what you can with your employees. In this age of social media, the data breach news may travel faster than the time you have to pull together your team and craft your press release. Bring in your troops; let them know all they need to know. And, let them know how they should interact with customers. Train your employees with the media messages you have developed. They will be interacting with customers, suppliers and other stakeholders.

Reach Out to Customers

This is one of the MOST important steps: How will you help those impacted by your breach?

First, tell them you are sorry and you care. Yes, this breach was most likely from outside sources. But your customers, and the general public, don’t see your company as a target or victim. They just want answers.  Admit that something has happened and say you are sorry.

Find ways to ease the pain. Set up phone lines, with employees who are trained with the correct message points. Sometimes customers just need to talk to someone.

Offer credit monitoring. This is an easy, and often required, step in the data breach recovery process. Outline the credit monitoring offer with explicit instructions for customers and make certain all details are included in every press release, every interview, every media interaction.

Promise to keep your customers and the general public updated. As with any crisis, continual and scheduled updates will keep you in touch with your customers and stakeholders. All will appreciate your company’s transparency and continual work to “right the wrong”. And it will go a long way toward your company’s overall reputation recovery.


Posted on October 14, 2014 by Guest Author
