How can retailers minimise the impact of a data breach?
Repairing the damage caused by cyber crime is an expensive operation. US retailer Target estimated that a single data breach in 2013 cost the company £103.2m in one quarter alone, while Talk Talk recently revealed that the cyber attack it suffered in 2015 could end up costing it up to £60m.
Addleshaw Goddard’s reputation and information protection team partner Abigail Healey says: “While you cannot plan for every eventuality, retailers can be prepared in terms of having a team and crisis plan in place so that you hit the ground running if or when a breach occurs”.
That team is likely to include senior management, forensic IT specialists, legal experts and communications professionals.
The key will be to establish how the breach occurred and, crucially, what data has been lost, stolen or inappropriately accessed. Preventing further disclosure and misuse must also be a priority.
“It may be appropriate to seek urgent injunctive relief, although there are other practical steps which can be taken,” says Healy
“If customer information has been published online, engaging with the relevant host may prove to be a quick
and effective means of having the information taken down, even if it is not a complete answer”.
Other considerations may include whether to notify the police or other relevant law enforcement agencies as well as what messages need to be communicated to those whose data has been breached, key stakeholders and the media and public.
“A business may face monetary penalties, but the damage to the businesses’ brand and reputation may be far greater, so it is key to
have a strategy in place to manage the situation” says Healey.