A data breach can erode clients' trust in a firm, which can result in lost business. It can likewise erode the general public's confidence, which can lead to lost business opportunities. Hence, the size of the breach and the types of information stolen affect the level of confidence people have in a firm that has been hacked. However, there is another significant factor in the confidence-level equation: how a firm responds to the crisis. Consequently, firms that have encountered an information breach must be transparent, communicate effectively, and follow through on promises.
Any firm needs to be transparent about the information breach. In other words, firms need to fully disclose information about the event to their customers in an accurate and timely manner. It is far better if news about the breach comes from the firm's official channels rather than being leaked by someone else inside or outside the firm. Firms must inform their staff, customers, suppliers, and anyone else who needs to know about the event. When informing customers, it is very important to be honest about the size of the breach and the types of information stolen.
Communicate Effectively:
Simply informing everybody that there has been a data breach is not sufficient if the firm needs to retain its customers and salvage its business's reputation. A lot of thought must go into what to say and when to notify the various groups. Firms must make sure to:
When informing customers about the breach, firms also need to include:
The timeframe in which to notify breach victims and authorities is frequently regulated by nation, region, or industry-specific agencies. For instance, the European Union General Data Protection Regulation (GDPR) mandates that customers must be notified within 72 hours of the firm first becoming aware of the information breach. These agencies may also direct what needs to be included in those notifications.