What to do after a data breach

Rick Kam, president of ID Experts, a provider of identity theft protection and data breach services for consumer and corporate customers, said that corporate data breaches are becoming all too common and costing businesses money and clients. He said the Computer Security Institute has reported that 46 percent of computer security professionals have had security incidents in the past year, 26 percent of which have had more than 10.

The Identity Theft Resource Center said that in the first quarter of 2008, 167 breaches were reported. That's more than double the first quarter of 2007. Last year alone, nearly 128 million personal records were exposed. Kam's answer: Adopt a proactive plan and tactics that maximize retention. He recommended that firms have a thought-out and actionable plan in place so your post-breach response can be as effective as possible.

He said that companies must be prepared to deliver timely and forthright notification to customers to avoid the appearance that they are hiding something, and must be ready to provide complete and believable information. He also noted that if there is a breach and you must be the bearer of bad news, also be the bearer of solutions by giving customers the information they need to protect themselves and take care of business.

For other tips:
- check out this CSO Security and Risk article