After a series of high profile data breaches affecting millions of consumers, executives and lawmakers are paying greater attention to data breach prevention and response standards. Criticisms of the affected companies range from insufficient security precautions, to poor disclosure and remediation.
Federal regulators and banks have argued that retailers and payments systems processors should be held to the same strict data protection and notice standards as financial institutions. Other industry observers have pointed to poor customer service by affected companies following breaches. Has your company revisited its information security programs following recent data breaches? Do you have a formal plan for responding to potential breaches, including notice and remediation?