Crisis Communications

Crisis Communications: Best Practices for Managing a Data Breach

By Sandra Fathi | On September 6, 2019

In today’s digital age, private information is becoming more accessible and vulnerable to hacks and data breaches. Companies of all sizes need to be prepared for potential threats, both behind the scenes and in the public eye. For incidents like Capital One’s data breach, an effective crisis communications plan is needed to keep customers – of more than 100 million records – up to date on the status and progress of the situation. 

CEO’s need to assume their company will fall victim to a data breach at some point and must be prepared to communicate with stakeholders if an incident occurs. Ideally, a crisis communication plan should always be developed and readily available prior to any potential attack. As a reminder, here are some best practices when responding to a data breach:

  1. Don’t delay: Having communications materials ready in advance is extremely helpful when dealing with a high-pressure and fast-paced situation. This prevents any unnecessary wait time in making a statement to your employees, stakeholders, affected parties, and the general public. 
  2. Acknowledge the situation: Notify all relevant stakeholders and customers stating the details of the situation, who was affected, and an intended remedy method. Be sure to follow each states data breach notification laws to stay compliant.
  3. Acknowledge impact and victims or potential victims: State the information that was compromised and confirm commitment to taking corrective measures.
  4. Be transparent: Commit to investigation and sharing information and cooperation with relevant parties.
  5. Share corrective action plan if available: This involves developing a full response plan inclusive of policies and procedures to reassure stakeholders.

Understanding these key steps when dealing with a data breach crisis is one part of managing a crisis, strategically executing these steps is where you need support. At Affect, we’ve supported many clients through a variety of security crisis situations – if you are interested in learning more about preparing a full crisis communications plan or conducting a crisis communications simulation, please reach out to me at sfathi@affect.com.

Sandra Fathi

Sandra Fathi has spent the last 20 years helping technology, healthcare and professional services companies achieve their goals. As President and Founder of Affect, a public relations, marketing and social media agency, Sandra has successfully led the company with consistent growth since the agency’s inception in 2002. Sandra is also active in the communications industry and professional community. She has been a board member of the PR Council and has served as Chair of PRSA’s Tri-State District, President of PRSA-NY and President of the PRSA Technology Section. Adding to her accolades, Sandra has been recognized as one of PRNews’ Top Women in PR, a PRNews PR Professional of the Year finalist, and a Bulldog PR Agency Professional of the Year.