Thursday, February 7, 2008

Best practices - notification of a breach

CSO magazine has a fascinating article on notifying stakeholders of a breach. They compare and contrast two styles of letters to customers - interesting stuff. How does one provide details without overwhelming the reader who may not understand everything? Does one mention steps being taken, or other breaches in the industry?

I wonder how many folks within the company (as well as lawyers, PR folks) might be involved in this task? I assume this increases the visibility of data breaches across the company - mainly because of the number of senior folks involved. Bit late though, now that the horse has left the barn...

