Close
In this digital world, data management is a significant responsibility and a data breach is an equally significant risk. Should things go wrong, businesses must take steps to minimise the impact. With the changes to the Privacy Act coming into effect this week, Andrew Giles, Head of Public Relations and Communications for Canon Australia, shares insights on how to preserve trust and maintain strong customer relationships.
Andrew Giles, Head of Public Relations and Communications for Canon Australia, shares insights on how to maintain your customers’ trust and minimise reputational damage should you find yourself facing mandatory notification of a data breach.
The subject of data breaches will soon become a very public, whole-of-business challenge as the new Data Breach Notification obligations come into effect on February 22nd, and regulators will begin to enforce the new laws.
There is no doubt that a breach of personal information is a sensitive issue. But it’s not necessarily the breach itself that will affect your brand as much as how you handle it. In fact, a report by Deloitte showed 33% of customers actually gained trust in an organisation after being alerted by the company about a breach.
Now is the time for marketers and communications experts to prepare crisis response plans. An effective initial communication will put the needs of the customer first, achieving limited damage to your company’s reputation while maintaining trust.
How should you communicate with customers?
As the Office of the Australian Information Commissioner (OAIC points out, the first 24 hours of a breach are the most crucial for your business). Customers entrust you with their information, so should anything go wrong, you need to act with speed and transparency to protect those affected.
If the worst does occur, one of the top things to remember, is that the sooner you can tell your customers, the better. This is not a legal requirement, but responding quickly could help you significantly minimise the impact on your reputation and help you regain your customer’s trust. If a breach is discovered, act quickly and follow these steps:
Bring together the key players forming your response team
Gather the facts fast from your IT team – it’s important to understand how the breach occurred, how it’s being contained and what steps you are taking to prevent it from happening again
Send a direct, personalised message via email or mail letting each customer know what has happened and what action you are taking to fix the problem – and ensure it doesn’t happen again.
Prioritise telling customers and stakeholders who are most impacted by the breach. It’s important that they hear it from you rather than another source. Consider calling them directly.
Release a statement, covering the details outlined above, on all communications channels. Be honest, open and transparent.
Communication should focus on minimising the impact so ensure your tone of voice strikes the right balance between apology and action to mitigate the risk. Customers want to know that you’re taking responsibility, and that you’re doing everything possible to protect them. This could include identifying actions they should take, eg informing their bank of the breach if financial information has been compromised.
Appoint an internal spokesperson who can field enquiries from the media and concerned customers. Provide a phone number and email of someone who can be contacted for more information on what actions those affected can take to protect themselves. Respond promptly to all enquiries.
Send regular updates if the situation changes or if there is anything else they should know.
Prevention is key
Ultimately, prevention is about mitigating or reducing harm from the occurrence of a breach – quickly. And that’s where the three Ps are critical: Prepare, Prepare, Prepare.
The OAIC recommends having a Data Breach Response Plan in place. Ideally, this will be part of your ‘business as usual’ activities, tying in with the broader plans for managing similar risk issues.
Key elements of a response plan include:
incident scenarios
risk level assessments and ratings
details and structure of the response team
contact details for all stakeholders
a stakeholder communication hierarchy
templates of documents such as incident forms and internal/external communications (press release, emails, social media etc.)
consistent messages about the breach to prevent confusion.
The result should be a clear picture of how the company will respond to the potential harm of a breach.
In today’s digital world, no business is immune to the dangers of a data breach. Use the imminent data privacy laws as an excuse to plan your crisis communication strategy now, rather than waiting for a breach to impact your business.
Confidentiality is essential in the legal profession and the stakes are high for your clients and your professional reputation. Canon’s iR-ADV Gen III Series III multifunction devices are designed to boost efficiency and are packed with security features to minimise the risk of cyber-attack.
In the new era of law, contracts are being completely re-designed or even re-imagined in various ways to make them easier to understand
Dr. Hugh Bradlow, Australian Academy of Technology and Engineering, shares his insights on the growing cybersecurity war, and how to manage risks and resilience in a world of unknowns.
Data science can give you the insights you need to create new services and transform your business. But, if you don’t understand your data, you risk making bad business decisions or worse, automating them for years to come. Here’s a few things you should know to get started.
With modern technology, the healthcare sector is becoming more connected with an increasing number of ‘things’ now using software, for example medical devices. It’s creating a new world of cybersecurity concerns, but how does the healthcare sector measure up when it comes to managing Information Security?
With cyber crime on the rise in Australia, it’s becoming more important than ever to protect your business with cyber security training. We look at how your employees are your best weapon against cyber attacks.
As technology enters classrooms, auditoriums and libraries, it brings new risks to the education sector. All it takes is one click from a student device to potentially compromise your entire network. Faced with these various threats, does the education sector receive a ‘High Distinction’ for its efforts to protect its troves of student and staff data? Recent findings from the inaugural Canon Business Readiness Index on Security suggest not.
There is a lack of clear standards relating to how school records should be secured. As a result, the level of security varies from school to school, and sometimes within an institution itself. What can you do to ensure your school is exercising best practice with your school records?
If you're on the Internet, you face security risks. You can no longer afford to assume that your business won't be a target because you're not big enough. Here are some big business takeaways that can substantially benefit your business' security.
In February 2018, Australia’s privacy law will change. If your organisation is covered by the Australian Privacy Act (this includes all Australian government agencies, and businesses and not-for-profit organisations with an annual turnover of $3million or more), then these changes will apply to you.
After years of hype, artificial intelligence is ready to disrupt the workforce – and it’s time for executives across industries to pay attention.
