This is an update on a presentation I made a year ago on data breaches. It includes a couple of slides on social web comment on the Heartbleed bug, in particular the role of Twitter as the key platform for comment.
3. Bill S-4: Digital Privacy Act
April 8, 2014
“Released today, the act was touted as an update to the Personal Information Protection and Electronic Documents Act. It requires organizations to tell individuals if they’ve lost any personal information, and if they could be targeted for risks like identity theft. They will also have to give individuals advice on next steps in protecting themselves, and they will have to inform the federal privacy commissioner about the data breach.”
Candace So
http://www.itbusiness.ca/news/businesses-could-face-fines-of-100000-per-individual-digital-privacy-act/47931
5. April 9, 2014
“The Canada Revenue Agency has shut down public access to its electronic services website over security concerns related to the "Heartbleed Bug," a newly discovered software flaw that has made information on many of the world’s major websites vulnerable to theft.”
http://www.ctvnews.ca/canada/security-concerns-prompt-tax-agency-to-shut-down-website-1.1767727#ixzz2yQ2W5k88
13. ‘There won’t be a significant event in the future that won’t involve public participation… Social media (is) the sociological equivalent of climate change.’
Retired Admiral Thad Allen
23. “[Brands suffering data leaks] should email people, post on Twitter, Facebook and address their customers where they are - you shouldn’t have to let people do a Google search or find out through word of mouth.”
• Alys Woodward, research director at market intelligence firm IDC Europe
24. Speed works
1. Validate . . . then acknowledge as quickly as possible
2. Provide interim action advice or comment (‘Change password immediately’ . . . ‘Do nothing for now’)
3. Accept the need for frequent and timely communications (1-2 hours)
4. Use the social web for your own purposes to confirm commitment to protect customers
Principles for managing a data breach crisis on social
25. And knowing social dynamics
5. Be transparent about the scope and consequences of the breach (can’t hide from the social web)
6. Use multi-platform communications (Twitter first of all, but Facebook, YouTube, etc.)
7. Use #hashtags related to the incident so your info is there in the frame used to share news (Twitter/Facebook)
8. Use multiple media formats (visuals + video + text) . . . facilitates sharing and therefore amplification
26. Use what’s available to you
9. Support amplification through paid/promoted tweets/Facebook posts
10. Reply to social web dialogue + questions with ‘confident humility’
11. Commit to fixing the problem and/or your internal processes
12. Get ready now for the social web part of the crisis
27. Data breach response team
Privacy Officer
Communications
Legal
HR
Chief Information Officer
Data Breach Response Team
Risk Management
Who Leads?