Oh, joy—your company has had a data breach. Now comes the high-wire act of deciding how, and when, to announce that fact to the world. And don’t forget that the whole world might be watching, so your time to decide will be measured in hours, if not minutes.
That being said, once a company does discover a breach, the decisions about disclosure don’t get any simpler just because you have less time to decide. You have a bundle of variables and nuances to consider, and the process is anything but simple. Such was the recent case with Global Payments, an Atlanta-based company that helps Visa and MasterCard process transactions for merchants, and which experienced a breach earlier this year.
