Data breaches are almost inevitable. So, in addition to working towards preventing data breaches, you should be asking yourself whether your business is ready to respond quickly and effectively when the pawpaw (or POPIA) strikes the fan.
When you look at data breaches around the world, businesses often get into hot water for not being prepared to deal with them. Your response must be swift, it must give the affected people the tools to protect themselves, it must not open you up to liability (the legal stuff like fines and civil actions), and it must manage the PR fallout. The harm to your reputation is the biggest risk when a breach happens.
So what do you need to do?
#1 Do you have a breach response policy and procedure?
Regulators will often ask for this policy and procedure in order to measure whether you took reasonable steps to prepare for breaches. It is important to have a crystal-clear, documented procedure. It has to set out everything: where and how to report the breach, who should be notified, the steps to take to address the fallout, and who gets to liaise with the regulator and draft the incident report.
#2 Do your staff know what the breach procedure is?
Training is essential. Too often, businesses have a breach response procedure, but no one knows what it is. In a crisis situation, you want your staff to know what to do without having to think about it. There are many ways to achieve this. Take a look at Compliance Online’s Dawn Raid training. You will be prepared for any regulator who wants to spoil your day.
#3 Use technology!
Our friends at Compliance Online have developed an app which automates your crisis management (whether that crisis is a breach or a visit from a regulator). With the press of a button, the app makes sure that notifications are sent to the right people in your organisation so they can respond quickly and effectively. Contact us for more info.
#4 Use PR people
In-house lawyers are not trained in how to communicate with customers in a crisis. Your communication strategy must be spot on, or you might risk throwing oil on the fire. Get experts to help you – it will be money well spent.
We wrote this blog with POPI in mind (we have been dealing with a breach this morning), but obviously this applies to almost any crisis, from floods to regulators or even a zombie apocalypse. Be prepared!