Once the nature, size and seriousness of the breach are ascertained, the biggest decision (where applicable) is to decide whether to come clean over the breach, and how to go about notifying interested parties.

Although disclosure laws are increasingly forcing organisations to make public their personal data failings, there remains a tendency to sweep the problem under the carpet.

The image and monetary implications mean companies prefer to deal with the problem in house. According to a recent report from an RSA Conference survey, as many as nine out of ten incidents went unreported in 2007.

‘With 29% of respondents stating that they experienced the leakage of employee or customer data, it is alarming ...