In the wake of recent mega data breaches, it comes as no surprise that companies are working harder than ever to prepare for an inevitable data breach incident. Enterprises of all shapes and sizes from every industry are becoming more aware of the threat of a data breach. As a result, many are taking steps to proactively assemble a data breach response team, combining internal stakeholders and external resources, so that they are prepared in the event that they experience a breach.
Despite the media coverage of breach events, little information is available to guide organizations through the process of vetting and retaining breach response team members. The issue has only become more complicated as more and more players have entered the arena, each claiming expertise in breach response. Companies that wait until an incident happens may find themselves in the unfortunate position of enlisting whoever is available or easiest (or lowest cost) to retain rather than whoever is best for the job, which can lead to disastrous results for both the breached company and those whose information has been breached. Assembling a breach response team in advance of an incident allows entities to thoughtfully and thoroughly vet candidates and ensure retention of the best qualified team for the entity's unique needs.
Practice Makes Perfect
Proactive retention of a breach response team gives the entity the opportunity to engage in practice runs and fire drills to rehearse its response to a breach incident, which can help to identify communication, technical or other snags before a breach ever happens. Thorough preparation for a breach incident can lead to faster reaction, better coordination and efficiencies, and lower costs should a breach occur.
Breach Response Team Members
A breach response team should consist of a cross-section of company personnel, including legal, privacy/compliance, IT, information security and other relevant stakeholders from the company's various business units. External members should include outside privacy counsel, computer forensic specialists, and a crisis management firm.
Entities should require all potential external team members to demonstrate their prior experience in handling breach incidents and their ability to scale if a breach turns out to be larger than originally thought. They also should be able to handle breaches with ramifications outside the United States.
Selection of Outside Privacy Counsel
Identifying and vetting external privacy counsel before a data breach occurs should be an element of every security incident response plan. Outside privacy counsel plays such an important role that counsel is often referred to as the "breach coach." Given the critical and central role they fill, the importance of selecting the right breach coach cannot be overstated.