A failure or delay in accurately reporting a potential privacy event is the number two driver in costs associated with a response – with an increase in costs of approximately 25%-50%. (Preparation is #1.)
An effective event reporting process contains:
- A clear reporting process that is well known to all decision-makers.
- An understanding of the types of events that should be reported.
- The reports should go directly to a team at HQ. A system where these reports go “up-the-chain” invariably results in substantial under-reporting.
- A process whereby an employee may report a concern anonymously.
- Resources to allow team members to get guidance and information about privacy or security issues of all kinds.