Data Breach Comms: Are You Ready for the Inevitable?

Posted on 17 December 2008

This past week, I had the pleasure of participating in a panel on data breach communications at the inaugural SC World Congress, held in NYC at the Jacob Javits Center.  I was joined by Rich Baich, principal for security and privacy, Deloitte and Touche, and Dan Kaplan, senior reporter for SC Magazine. For an hour, we talked with audience members from businesses, standards groups and other organizations about best practices in data breach PR.

But the most important thing about this panel? That it was on the agenda at all.

Let me explain.

SC World Congress was billed as “the only dedicated IT security event focused on providing the latest solutions and inside information to help IT & data security professionals do their jobs better.”  Naturally, the majority of the sessions focused on topics that you’d expect to be of interest to “IT & data security professionals,” including “PCI: More Data=More Regulation…Finally,” “Global Data Threats,” “IT Security Governance,” and many more along those lines.

So when I was approached to participate in a panel at SC World Congress on how to handle communications around a breach, I was thrilled. Thrilled because the inclusion of a PR session at a security event reflects a growing awareness among the security industry that smart, effective comms around a breach is one of the most important considerations when the inevitable happens. It also points to an increasing appreciation for breach comms as a key responsibility of the CSO/CISO.

(On a more personal note, this marks my third such engagement this year, and since us PR folk all know that three constitutes a trend, we can officially conclude that the security industry “gets it.”  Right?!)

Equally thrilling is that I had the honor of talking about data breach PR with Rich Baich, who had the tough job of being CISO at ChoicePoint in 2005 when it was forced to deal with a well-publicized “incident.”  Baich weathered that storm nicely and now dedicates a fair amount of time, both in his professional capacity as principal at Deloitte and on the speaking circuit, to sharing best practices with other security professionals to help them deal with similar situations.

Dan Kaplan moderated what I thought was a really good, interactive conversation.  We touched upon a lot: why breach PR is important, how to prepare for a breach, elements of a breach comms plan, breach notification law, the role of the CISO during this time, etc.

Stay tuned for a video with highlights from the panel…

As a side note, hats off to SC Magazine for putting on a solid event. It seemed like everything was conspiring against the conference, including all of the challenges associated with introducing an event at a time when most conference managers are circling their wagons and scaling back. Add to that an economy that’s all but obliterating travel budgets for attendees and event budgets for exhibitors… and oh, let’s throw in some rainy weather too.

But Illena Armstrong and the crew at SC Mag pulled it off.  Through some very unscientific polling (over cocktails and post-panel chitchat), I found that exhibitors were pleased with the quality of attendees (C-level, decision-makers), and that attendees enjoyed the breadth and quality of sessions.

If you have thoughts on SC World Congress or your own story about breach PR, I invite you to join the discussion. We’d love to hear your thoughts.
