Bringing tools and process improvements to data breach notification Bookmark has been added
Bringing tools and process improvements to data breach notification
Preparing for the inevitable
In today’s digital world, it is critical to have a swift and comprehensive response to any data breach. Deloitte’s data breach response team provides organizations an informed strategy to ensure your brand and reputation are protected.
- The challenge and risk
- How will you notify your affected customers and contacts?
- View the infographic
- Informed response strategy
- Get in touch
The challenge and risk
When a data breach occurs, agencies and institutions are required, often by law or regulation, to identify sensitive or protected information in the breached data and notify individuals affected by the breach.
There is much at risk:
- Personal health information (PHI)
- Consumer and client confidential files
- Personally identifiable information (PII)
- Privileged data
- Confidential data
Notification requirements can vary depending on jurisdiction, industry, or organization type. A quick response is important to satisfy these requirements. Prompt notification can also help protect the organization’s reputation among current and future clients.
Unfortunately, the current state of data breach notification responses involves a complex, manual review of the data to identify sensitive or protected information and notify the individuals affected by the breach.
How will you notify your affected customers and contacts?
There is a better way to notify customers and contacts that their information has been compromised. By implementing notification workflows, Deloitte subject matter specialists, a data breach response team, and data analysis workflows you can review the data in response to a cyber incident to provide a rapid identification of the risk exposure, data categorization for specialized treatment, and analytic reports to inform your response and strategy.
With Deloitte’s data breach notification team, you’ll have the support you need to make informed decisions regarding data breach notifications and get the correct information to the right people in an expeditious manner. For example, matching data to the person who must be notified is often challenging. Your company may discover that a large set social security numbers has been compromised. But you cannot send a breach notification letter to social security number. You will have to match the compromised data to other available records to try to identify the person associated with the data and the correct contact information for that person.
We provide structure, analysis, insights, and analytics including:
- Customized approach to meet the unique needs of your organization and the cyber incident at hand;
- Rapid identification of United States and global data triggering regulatory requirements;
- Real-time analytics regarding data content, customers, clients, and consumers;
- Consultation across stakeholders within your organization;
- Independent review of data to support defensibility of your response; and
- Timely response with experienced, cost effective resources.
Informed response strategy
All of this allows you and your outside counsel to focus on the results of the review and the response strategy. By using our approach, you will be able to construct an informed strategy for:
- Regulatory notice requirements;
- Contractual incident notice obligations;
- Customer and client responsibilities;
- Commitment to shareholders;
- Global regulatory requirements; and
- Public relations and communications.
Your brand and reputation is at stake during a cyber breach incident and swift notification to your clients and customers can go a long way to ensure your brand and reputation are protected.
An analytics-driven approach to fighting fraud
New digital defenses for new digital risks