Monday, July 28, 2008

Data breaches: Technology, process or management?

Being part of a technology company, one tends to think of solutions to data breaches as mainly to be solved by technology. Well, with a bit of process thrown in for good measure as well! Did not think much about the important role of management till now...

Just came across an interesting opinion by Jonathan Armstrong, a partner at Eversheds, a law firm. He contends that current best practices of management do not train executives how to respond to crisis - he talks about various types and data breaches is one amongst them.

I tend to agree to a point. However, I also think that it is the type of management and their core values that dictate how such a crisis be addressed. Is management concerned about the customer? Or is management just looking to save face? I can remember the Tylenol crisis and how well J&J handled it.

While I agree with Jonathan that the frequency of incidents have gone up and management needs to be trained better, I also believe if executives have the best interests of their constituents in mind, things will work out okay...

1 comment:

Jonathan Armstrong said...

Thanks for the reference Manu. I think we're really both agreed. One of the points I was trying to make was that even when management want to 'do the right thing' (and in the case I mention in the article they did - they are one of the most customer-centric organisations I know and indeed world-renowned for that)they don't possess the skills to do that or have been conditioned away from following their gut instinct. I also agree that in areas like security breach those corporations who do look after the victims are rewarded in the longer term. I know of examples of this - one of my clients even tracked majority positive calls into its call center because of the way it had handled its breach.