San Diego, CA (PRWEB) July 22, 2009
With the August 1st deadline for Red Flag compliance looming, companies need to consider how their trigger team will communicate with potentially affected breach individuals. Trying to "figure it out" at the time of a breach occurrence is a poor business practice. Businesses need to decide ahead of time what services might be needed for the investigation, as well as which companies will assist with communications to the public.
How a company or agency informs a customer or client that data records containing their personal information have been exposed will have a significant impact on how they react. If your notification creates an angry negative response, the problem for the business is multiplied by the number of breach victims. A 100,000 fearful, angry breach victims will have a significant impact on a company or agency. The letter you send out regarding a breach may have broader implications than you realize. The Identity Theft Resource Center® (ITRC) has studied hundreds of breach notification letters and identified a wide-spread "failure to communicate."
Breach notification letters set the tone for continued relations with the potentially affected individuals. These letters are required by most states. Many breach notifications are inadequate or have the potential to set off alarm bells in the minds of the reader. You only have one chance to create a reasonable reaction from the client or customer, and make the case that your company is doing the right thing.
ITRC's analysis found that most letters are long, confusing, and bury needed information.
Many do not provide correct instructions, and often refer the person to another entity such as a "for profit company" that is providing a monitoring program. Companies often use language that is difficult to understand by the general public. A breach notification is not the time for an attorney to write a brief. A breach notification letter needs to be easily understood and contain information that will restore trust. Companies should only entrust the writing of these letters to those who are skilled on how to speak to people in the midst of a personal crisis.
Several years ago, ITRC developed a consulting program to work with companies to enhance their communications regarding data breach exposures. ITRC has 10 years of experience working with victims and knows how to speak with those who are upset or fear identity theft victimization. We know what words will trigger a negative reaction and what words will have a positive affect. ITRC utilizes those language skills in our breach consulting program - we speak "breach-talk." The reality is a person receiving a letter is not an identity theft victim. However, letters that go out often mislead readers and lead them to fear the worst.
ITRC has a proven track-record for handling breaches using techniques that enhance consumer trust issues. We help develop FAQs and other resources for websites, train call center personnel, and prepare the spokesperson to deal with the media. Our goal is to inform without confusion, and to limit fears and concerns with precise, clearly stated, consistent information.
As part of the potential breach preparation, ITRC strongly recommends having a resource list available of organizations that can help in a crisis. For more information about the ITRC Breach Consulting Program, contact: ITRC at 858-693-7935, ext. 111 or ext. 101.
About the ITRC
The Identity Theft Resource Center® (ITRC) is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem. Visit http://www.idtheftcenter.org