Privacy breaches are happening all the time and they can have dire consequences. When (not if) you experience a breach, the stakeholder trust that’s been built in your organization is on the line.
How you handle the breach can affect how you maintain and, if necessary, rebuild that trust. How you communicate when there’s a breach is an important part of that equation.
Here, I wanted to share a few communications tips to help plan for and address breaches a little more smoothly.
1. Recognize breach risks in risk planning
Many organizations have corporate risk profiles. They help to identify, understand and mitigate a wide range of risks and to address issues effectively when they do arise. These days, if your risk profile doesn’t include a breach as a possible risk, something’s missing. Once a breach is identified as a risk, the mitigating strategies include things like tightening up security safeguards, developing a breach response plan and complementing that plan with a strategy for communications.
2. Include comms in the crisis planning and response
Every organization should identify, establish and train its crisis planning and response team – before something happens. Each member’s role and responsibilities should be made clear. Since most crises include some form of communication, make sure to include a communications specialist in this group.
3. Prepare a crisis comms strategy
With most breaches, time is not on your side. Having certain things ready in advance can be a real lifesaver. Given this, the breach response plan should have a crisis communications strategy baked right into it. A comms strategy includes things like objectives, target audiences, messages and tactics. The strategy should contemplate potential scenarios and should include some pre-drafted processes, messages, checklists and templates.
4. Determine your overall breach response goal
Each crisis has unique attributes and it’s difficult to plan for every possible scenario or question. So, when a crisis does hit, it’s helpful to take a moment to determine your organization’s goal in dealing with the incident, in light of its corporate values. What will success look like at the end of it? Making sure the goal you establish is clear, brief, succinct and understood will help everyone involved to focus the limited resources and efforts, as well as the communications tactics. It will also help you answer questions that come up, because you’ll measure the answer against whether it will help you achieve that goal.
5…
Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector
As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…