As I discussed in my previous data response blog post, preparation and practice are key to ensuring your business can respond effectively to any potential data breach. Everyone needs to know the risks, and understand their roles in responding to an incident. At the same time, you need to ensure you have the resources to respond quickly. That means having the call centre capabilities to field potentially thousands of enquiries from concerned consumers, the ability to fulfil postal and email responses at scale, and to meet regulatory notification requirements.
Thankfully, your business does not have to face this challenge alone. In addition to your internal data breach response team, there are a host of external partners that can help to protect your customers, support a rapid response to any incident, provide the resources you need, and minimise the damage to your business and its customers.
These partners include legal, forensics, crisis-communications and customer-response specialists, as well as key influencers, regulators and insurers. Here, I will explore the roles and relevance of each specialist, and how to select the right partners for your business.
Your support network should include legal partners, regulatory bodies and other relevant officials. Legal partners provide the link with regulatory entities to support your post-breach activities. They can advise you on information disclosure and ensure everything is properly recorded and documented to avoid unnecessary legal risks.
Your legal counsel is responsible for:
- Handling communication with local regulatory entities, such as the Information Commissioner’s Office
- Providing advice under legal privilege, which protects confidential communications between the business and its lawyer
- Advising on information disclosure to avoid litigation risks, based on recent case law developments
- Ensuring anything recorded or documented meets the need for transparency without creating unnecessary legal risk
A good legal partner will ideally have managed previous data breach notifications, and should also introduce you to other data breach experts who can help you pre-empt, plan for and respond to data breach incidents, helping to minimise the legal ramifications.
IT Forensics Partner
These data investigation specialists offer the expertise you need to translate technical analysis of a data breach into the risk implications for your organisation. They provide the data and insights to support the decision makers in your business as they plan and manage your response.
Your IT forensics partner is responsible for:
- Confirming if a data breach has occurred and advising what data has been compromised
- Putting in place solutions to stop further data loss and prevent further harm
- Preserving evidence and managing the chain of custody, including minimising the chance of evidence being altered, destroyed or rendered inadmissible in court
- Looking at ways to mitigate attacks in the future
Crisis Communications Partner
The way you communicate with customers, employees, stakeholders, investors, regulators, and supply partners following any data breach is critical to the success of your response. Crisis communications specialists can help you to get it right. Look for specialists that have experience in managing highly publicised security issues, and who understand the technical, regulatory and legal nuances of managing data breach communications.
Your crisis communications partner is responsible for:
- Developing all public-facing communications collateral, for every stage of your incident response
- Advising you on how best to position the incident and communicate it to your critical audiences
- Monitoring media coverage of the event on traditional and social media channels
- Helping you respond to media enquiries
Customer Response Partner
As data management and analysis experts, these partners (like our Experian data response team) help you prepare for and manage the practical elements of the data breach or crisis response. They provide a range of services and resources, including response planning, postal / email fulfilment and address verification checks, multi-lingual call centre support, and credit/identity monitoring solutions. Look for providers with proven experience in managing mass-notification projects, with high-volume call centre resources, and experience in data breach/crisis query handling who can also offer support ahead of a live data breach incident.
Your response partner is responsible for:
- Response planning, including resource evaluation and gap analysis
- Handling all aspects of customer account management and notification, including drafting and deployment (supported by address verification)
- Providing 24/7 inbound call centre support to handle consumer queries
- Providing credit and identity monitoring services
Insurers, influencers and regulators
An experienced insurance broker with specific expertise in cyber insurance is another valuable partner. They can help you demonstrate a strong security posture to insurers, and select the right policy and insurer for your business needs.
You should also establish relationships with appropriate regulatory bodies, including the police cybercrime unit, to determine best practice and help streamline response processes in the event of a breach.
Experience matters in successful data breach response
When it comes to data breach response, you need a partner with a comprehensive knowledge of the entire breach lifecycle, as well as the strategic knowledge to plan and prepare for multiple potential scenarios in advance. You also need a partner who can scale up consumer management and response capabilities to meet the needs of any incident as it escalates.
Experian has a dedicated data breach and readiness team, with more than a decade of experience supporting businesses to manage breach response recoveries. Our team can help you evaluate in-house resources, perform database health checks and identify gaps.
Our resources and expertise include high-capacity call-centre capabilities, live web chat, consumer notification and fulfilment services, response messaging templates, address verification and cleansing services, as well as fully account-managed response planning, implementation and delivery.
To help your business prepare thoroughly in advance and minimise the impact of any possible data breach, we have compiled a detailed report on data breach planning. Click on the link below to read the full report.
To read the full report, download our Data Breach Response Planning Guide today.