How to Talk Publicly about a Data Security Breach

Major data security breaches are becoming more common. Among the many that have unfolded in 2014 are those at Target stores and Community Health Systems (the second-largest for-profit U.S. hospital chain).

Now Home Depot, another major retailer, is in the throes of a substantial payment card breach, apparently involving both credit cards and debit cards.

Home Depot is making some limited public statements. The Home Depot story is only beginning.

Press Releases Matter

Home Depot’s public communications will influence the final outcome of this data breach in terms of law, reputation and customer relations.

I teach a technology law course at the SANS Institute. A key topic is how to communicate publicly about information security, including data breaches and other infosec incidents. In that course, students and I review the (in)famous TJX breach (2007). We compare the experience at TJX with the lessons from Target and Sony PlayStation Network (2011 breach).

Now, in early September 2014, Home Depot’s crisis is playing out. So . . . as of the live delivery of the SANS course in October 2014, we will also compare Home Depot’s public and legal response.

The title of the course I teach is Law of Data Security and Investigations. The course is unique in the world.

The goal of the course is to equip professionals with the skill and knowledge necessary to respond to future events in computer security and investigations.

By: Attorney Benjamin Wright