Organisations need to put customers at the heart of everything they do. A data breach has potential for a significant brand and reputation damage. In the event of a data breach, what should an organisation do?
KPMG has developed a series of videos on data privacy including practical steps for organisations to comply with the new privacy regulations, questions executives should be asking about data privacy and what to do if you have a data breach.
Organisations need to be transparent about the breach, identify affected individuals and notify those individuals and potential notify the regulator.
In terms of communicating with affected individuals organisations can set up hotlines, dedicated websites, send text messages along with emails. Be transparent and open to help people understand what has happened to the information.
We’ve seen organisations not handle data breaches well and there has been significant fall out to brand, reputation, customer loses, share price and on-going litigation. Privacy is at the core of brand and reputation.
KPMG can help organisations address their data and privacy protection issues. We can assist with help data breach responses by identifying attack sources, defining and implementing a recovery strategy including ongoing monitoring services to detect more specialised breaches. We also can investigate data breaches using our Global Investigations Methodology – investigating the root cause of data breaches, putting you in an informed position to make important decisions.
© 2020 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Liability limited by a scheme approved under Professional Standards Legislation.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.