We’ve seen at first hand the issues caused by a data breach, ranging from time taken up in managing irate customers or employees, unplanned spend correcting brand reputation, and diverted senior management focus reassuring investors in the business. No matter how much IT security you put in place to protect your customer’s data, a breach will happen because of human foibles.
So the trick is to be highly organised regarding your data collection and protection strategies in the first place, have a stress tested robust process to handle the inevitable when it happens, AND take active measures to reduce the propensity for a breach to occur.
We know this is not easy to do for many organizations as it often spans functional responsibilities across HR, Compliance, Marketing and IT. Doing this ‘right’ involves processes, staff training, state-of-the-art tools and ongoing assessment of the effectiveness of these things in combination. That’s where we come in, by helping you apply our COLLECT | PROTECT | DETECT | CORRECT approach to data protection. With this approach we organise appropriate services, techniques, tools and education programmes to create an appropriate framework to help you focus on each stage of the data lifecycle, and drive through the organisational behaviours that are needed.
COLLECT | The data that you collect about your customers will allow you to develop deep insights and relationships with them. But how do you know what data you need to drive your business? What are the tools that you need to collect this data? How do you know the data you need has been collected lawfully? How can you organise this data to ensure that the people in your business who need it most have access to it?
PROTECT | Protecting data is about having an ongoing programme that allows you to manage the risk of holding personal data, onboard new suppliers and data sources and provide your staff with role specific education and training. The way you do this will also have a big impact on the experience of your customers, when they exercise their rights to access or their right to be forgotten.
DETECT | For many organisations, they will only be aware that they have been subject to a data breach when it’s too late. Customers and investors will be asking difficult questions and the regulators will be expecting answers. It doesn’t have to be like this though. Through a combination of education, process change and the latest in breach detection software, you can stop most data breaches in their tracks.
CORRECT | If the worst happens, and your customers or employees personal data is breached, then you need to be prepared. When a breach is detected, you will have 72 hours to react. This includes informing anyone whose data has been breached, talking to the regulator, managing your investors, employees and the press. You’ll be in crisis management mode and will need to execute a well rehearsed plan to put things right.