I’m a new believer that there is no sure defense against data breach attacks. I learned in the same week that two of my favorite companies had suffered data breaches. The one that surprised me was Zappos.com. Since Zappos is a fairly recent acquisition of Amazon.com, I figured that the two online giants would combine their security technology and make it impossible for anyone to breach their servers or other data. I obviously figured wrong and realized that no matter how great and beefy a company’s security is, breaches still happen. Not surprisingly, though, Zappos executives handled this breach in the best manner possible by notifying those millions of people whose records may have been breached. In fact, the CEO even tweeted the actual email that he sent to employees of the company explaining how they are handling the situation. Very respectable.
My mind tends to wander sometimes as I read, and as I read the email via Twitter, I could not help but wonder how much time, money and effort went into the notification process alone. There is a law that requires any entity that experiences a data breach to notify everyone whose information may have been breached. That said, I’m sure that Zappos would have sent notifications even if this law did not exist. It would seem that notification is just the beginning. After the notification process, I’m sure there would be public relations, investigation and forensics, and possible lawsuits to deal with. I have not found anything suggesting that this breach has resulted in any lawsuits.
If you have spent any time with me in the last couple of years, then you know that I do not shut up about this subject. In fact, this is my second blog post regarding this topic within the last few months. I believe strongly that this is a serious challenge that many business owners have to deal with. As it is, it seems that there is no absolute defense against data breaches, but every business should have a plan in place, just in case one does happen. For more information regarding this topic, I recommend www.privacyrights.org and http://www.ponemon.org/.