Shostack + Friends Blog Archive


How To Notify Customers After a Breach


I referenced Larry Ponemon’s “After a privacy breach, how should you break the news?” months ago.

Now there’s more data, in a survey sponsored by the law firm of White and Case. They have a press release, and you can download the full survey.

As Chris pointed out, knowledge is good. According to the survey, there’s a four-fold shift in customer churn depending on whether you notify well or notify poorly. Best, of course, is not to have the data, or if you have it, to keep it safe. But if you mess up, you do get one last chance for redemption.

(The dam is on Staples Mill Pond, in Richmond, VA.)