Epsilon General Counsel Admits Lessons Learned From Its Data Breach
Thursday, July 14, 2011
On June 2, Epsilon Data Management's General Counsel, Jeanette Fitzgerald, answered questions before a Congressional inquiry panel about the company's massive data breach. While Fitzgerald has been with Epsilon for five years, she became General Counsel in January 2011.
Epsilon, a marketing e-mail company, suffered a data breach earlier this year which exposed the e-mail addresses of millions of consumers. Basically, a hacker broke into the company's e-mail computers and stole millions of e-mail addresses. This subjected consumers to phishing spam. Congress demanded an investigation.
The Congressional hearing, titled "Sony and Epsilon: Lessons for Data Security Legislation," included another major witness: Tim Schaaff, president of Sony Network Entertainment International. Sony experienced about four major breaches earlier this year. C-Span provides video testimony from Schaaff and Fitzgerald. (Hearings by the Subcommittee on Commerce, Manufacturing, and Trade are also on Youtube.)
As reported in Corporate Counsel:
"... Epsilon fully supports national legislation that would create a uniform standard for data breach notification..."
Perhaps more importantly and for other C-suite executive, Fitzgerald listed what her company had learned from its data breach experience:
"1. Have a data response team and a response plan in place: "I cannot stress enough how important it is to have staff across disciplines who are smart and capable of thinking on their feet. [The crisis] required fast-paced decisions."
2. Consider your insurance now. If you don't have it, can you get it? And if you have it, ask yourself if it is broad enough to cover the many situations you may encounter.
3. If you find yourself in a data crisis, take some time to evaluate what the repercussions are likely to be. "Thinking it through first will guide how you respond to the fast-moving issues."
You would think that given the multitude of high-profile data breaches during the past few years, that any company or c-suite executive paying attention to the news would already know this and prepare.
Comments