While retailers continue to beef up computer security, hackers continue to find ways to circumvent even the most sophisticated cyber-blockades. And the threat is not only hackers or rogue employees maliciously liberating private information: Data breaches also occur when sensitive information is improperly disposed of and tossed in the trash, or lost when a laptop or other portable electronic device is mislaid by or stolen from a well-meaning employee. A breach not only impacts your customers but can damage a company’s reputation and bottom line.
In addition to computer security, retailers must have a crisis plan in place to prepare a strategic offense when a breach occurs. The right response can go a long way to mitigating the damage an incident can cause to both a retailer’s bottom line and its brand reputation.
The following three steps are critical:
1. Get to the root of the problem. As soon as a breach is known or suspected, a retailer may be bombarded with questions and possibly adverse publicity. Almost universally, the company will need to call on third-party forensic and technical experts to help determine the root cause of the breach and the extent of the damage.
2. Assess notification needs. Almost every U.S. state now has a statute outlining what a company must do in the event of a data breach, including specific requirements for notifying those impacted by the incident. (Check current notification laws by state at beazley.com/databreachmap.) The costs associated with these notifications can stack up fast when you consider that thousands — even tens of thousands — of customers need to be alerted. Outside of notifications, additional regulations are constantly being enacted and place ever-greater burdens on businesses handling personal information.
Negotiating the maze of applicable laws can be complicated. Retailers are wise to engage legal counsel to help them through the process and to ensure compliance.
3. Nurture customer relat