Data breaches are crisis moments that businesses must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers. Waiting to think about such issues when a data breach occurs can increase costs (including the costs associated with the time needed to restore normal business operations) and harm a company's reputation.
This last point is important and can easily be overlooked. Smart preparation should include thinking intelligently about media relations. Helping to shape – perhaps even trying to contain – the media narrative can be extremely important in managing a data breach crisis and restoring business as usual.
A recent study goes a step further, suggesting that if handled well a data breach can actually help the bottom line. This counter-intuitive conclusion, conducted by Sebastian Gay at the University of Chicago, is based on data from breaches occurring between 2005-2014. The paper finds that "firms manage to avoid the full negative effect of a privacy breach event disclosure by releasing on the same day an abnormal amount of positive news to the market." In other words, sometimes companies have maintained a store of "good news" that they bundle together and release at around the same time that they disclose a data breach, which not only offsets the negative effect of the bad news of a data breach, but actually increases the bottom line.
While the paper is worth reading in full, and poses some tantalizing avenues for further research, the point is this: although a data breach is a business crisis, with good, thoughtful preparation, it can be managed well.
To view Foley Hoag's Security, Privacy and The Law Blog please click here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
