Breach notification law letters have contributed to the importance of information security throughout every business level of an organization. Every department of a corporation has the responsibility to detect, monitor, investigate and report breaches; whether a data or physical breach. Reports of breaches help not only IT security officers maintain awareness, but also every other member of an organization as well.
Breaches cause reputational damage to organizations, and each one can have major consequences to the corporation. Breach notification letters lead to awareness and attention that may have gone unnoticed or unknown by other companies. These letters must follow the following guidelines when being written: Take responsibility and apologize.
Be clear and unassuming. Most people today understand identity theft, but data breach is still a foreign word. Explain what happened, be transparent and honest. Write at a simple understandable level that everyone can understand. Explain the customer options without scaring them. Provide them a phone number and resources if they are concerned and want assistance. Remember that the customer is a single person and should feel that the company is making a genuine attempt to protect them. Be leery of red flags. Letters should be sent to someone outside the company and ask how it reads to them. Does it scare them or do they feel some type of comfort? Explain how the company is ensuring that this type of incident doesn’t happen again. Apologize again.