In the recent case we were involved in, the company very quickly set about investigating and rectifying the breach but hadn’t fully considered the potential 2nd order effects of personal data being accessed, where it might end up and what it ‘might’ be used for. When discussing this with the client, there’s a need to strike a balance between good informative advice and proactive measures without frightening them and creating paranoia.
It’s essential to speak directly to the client at the highest level, and to individuals the breach is most likely to affect personally. In our experience there is often the need to think short-term due to the nature of the incident and to focus on getting things fixed without thinking about the long-time effect and what this may mean to executives’ privacy and reputation. This happened on this task, and although the client initially didn’t believe they required these services, we briefed the CEO and the team directly around him with a suite of options they needed to consider, all of which they agreed with and accepted.
Post briefing, the executive team and company representatives didn’t realise that they needed these services as they were unaware of the implications of the data breach could have on their personal lives. Fortunately, they did not decide against the most critical requirements, including a physical audit of various residential properties.
Key take away, ensure you brief to the highest level possible especially when it involves personal information. Brief clearly and objectively. Ensure key team members are included in briefings and the messaging and advice remains clear and on point.