red binary code

Perspectives

Bringing tools and process improvements to data breach notification

Preparing for the inevitable

In today’s digital world, it is critical to have a swift and comprehensive response to any data breach. Deloitte’s data breach response team provides organizations an informed strategy to ensure your brand and reputation are protected.

The challenge and risk

When a data breach occurs, agencies and institutions are required, often by law or regulation, to identify sensitive or protected information in the breached data and notify individuals affected by the breach.

There is much at risk:

  • Personal health information (PHI)
  • Consumer and client confidential files
  • Personally identifiable information (PII)
  • Privileged data
  • Confidential data

Notification requirements can vary depending on jurisdiction, industry, or organization type. A quick response is important to satisfy these requirements. Prompt notification can also help protect the organization’s reputation among current and future clients.

Unfortunately, the current state of data breach notification responses involves a complex, manual review of the data to identify sensitive or protected information and notify the individuals affected by the breach.

Back to top

How will you notify your affected customers and contacts?

There is a better way to notify customers and contacts that their information has been compromised. By implementing notification workflows, Deloitte subject matter specialists, a data breach response team, and data analysis workflows you can review the data in response to a cyber incident to provide a rapid identification of the risk exposure, data categorization for specialized treatment, and analytic reports to inform your response and strategy.

With Deloitte’s data breach notification team, you’ll have the support you need to make informed decisions regarding data breach notifications and get the correct information to the right people in an expeditious manner. For example, matching data to the person who must be notified is often challenging. Your company may discover that a large set social security numbers has been compromised. But you cannot send a breach notification letter to social security number. You will have to match the compromised data to other available records to try to identify the person associated with the data and the correct contact information for that person.

We provide structure, analysis, insights, and analytics including:

  • Customized approach to meet the unique needs of your organization and the cyber incident at hand;
  • Rapid identification of United States and global data triggering regulatory requirements;
  • Real-time analytics regarding data content, customers, clients, and consumers;
  • Consultation across stakeholders within your organization;
  • Independent review of data to support defensibility of your response; and
  • Timely response with experienced, cost effective resources.

Back to top

pointing pen on screen with graph

Informed response strategy

All of this allows you and your outside counsel to focus on the results of the review and the response strategy. By using our approach, you will be able to construct an informed strategy for:

  • Regulatory notice requirements;
  • Contractual incident notice obligations;
  • Customer and client responsibilities;
  • Commitment to shareholders;
  • Global regulatory requirements; and
  • Public relations and communications.

Your brand and reputation is at stake during a cyber breach incident and swift notification to your clients and customers can go a long way to ensure your brand and reputation are protected.

Back to top

stock numbers on screen
Did you find this useful?