Rebecca Herold on Security Breaches

Today’s TRUST Seminar featured Rebecca Herold, a privacy and security consultant with Information Shield.

Herold covered many of the challenges of shielding a business against data security breaches, including the difficulties of convincing executives to invest in security (a topic of substantial interest to the Clinic). A tool that Herold developed would help in that effort: a privacy breach calculator.

She shared an interesting anecdote—Herold said that in a former job, she made sure that she read the Wall Street Journal early in the morning, before the senior executives did. Why? Because if there was a breach at another organization, the executives at her organization would want to know whether procedures were in place to avoid a similar problem. This is consistent with a major finding of a recent paper published by the Clinic on security breaches. In it, we found that organizations had a “that could have been us” moment when learning about breaches at other businesses. This knowledge mobilization helped organizations avoid breaches at their own business, and supports the need for centralized reporting of breaches.