Data breach notification: Are you meeting customers’ expectations?

Government regulations, including the well-known HIPAA and GLBA, are quite clear on the notification requirements for businesses suffering a data breach, but simply adhering to the regulations is not enough to keep your customers.  The responses to recent breaches show that customers are unhappy with organizations such as the South Carolina Department of Revenue, Adobe, ADPI and Nationwide Mutual Insurance for their poor response.

The 2012 consumer study on data breach notification found that 72% of respondents were disappointed in the way notification was handled.  67% say the notification did not provide enough details about the breach.  Furthermore, data breaches have an impact on whether the organization can keep its customers.  Following the breach, 15% will terminate the relationship and 35% say the relationship depends on whether the company suffers another breach.

Ponemon Institute provides some guidance on how organizations can better handle data breach notification.  First, notify customers quickly following a breach.  If you are unclear about the entire scope of the breach, explain that the investigation is still underway.  Next, provide that notification in a way that differentiates it from junk mail.  Notification letters should be short and easy to understand with specifics about the breach and what the impact is to the customer.



About The Author


Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.
