This IDC Perspective discusses the requirements governing the notification of affected individuals by organizations that experience a data breach. It includes nine pieces of critical knowledge for technology and business leaders to consider as they determine the criteria under which they will notify individuals of a known or suspected breach and the actions they should take to rebuild consumer confidence.
"The days and hours immediately after a data breach are critical," said Mike Chapple, adjunct research analyst with IDC's IT Executive Programs (IEP). "Organizations that suffer a data breach should quickly take action to rebuild the confidence of affected individuals and shape the message shared with the media. Mistakes made early in the process can cause financial and reputational damage with lasting impact."