Most organizations do a good job staffing their data security teams with appropriate people from the leadership and technology areas. However, one discipline that is often overlooked, but critically important, is public relations.
The best time to prepare your data breach communication plan is before an incident occurs. This checklist of the basics will help get you started. (download)
1. Select the Organization’s Spokespeople
2. Draft Key Messaging for Practice
3. Train Spokespeople on Basic Messaging
4. Develop a Rapid Internal Communication Plan
5. Determine How to Notify Those Affected
6. Know How to Work with the Outsourced Call Center
7. Establish an Internal Escalation Line
8. Have a Process for Notifying the Media
If your organization isn’t large enough to have someone with public relations skills on staff,
ask your attorney or HIPAA consulting firm for a recommendation because there are special
skillsets that will be necessary to help your organization prepare for and respond to an incident.
Working with Legal Counsel
Mark every document “Privileged & Confidential – Prepared at the Request of Counsel.” (Consult with your attorney for the exact wording.)
Have all work products, from internal notifications to press releases, approved by legal counsel.
Retain all internal and external communication and assume they may someday be discoverable in court.
To learn how Phillips & Marek can help you plan a successful data breach communication plan, contact us today!
Comentarios