Procedures for notifying customers after data breaches

In Keeping the Trust, Dr Larry Ponemon identifies the 4 basic questions a company CIO should be able to answer when planning for data security:

  • Detection: Is your company able to detect the breach of sensitive personal data?
  • Escalation: Is the company able to report the breach of sensitive personal information to appropriate personnel within a specified time period?
  • Disclosure: Is there a process in place to notify each victim with a letter sent by first class or express mail (and a corresponding telephone call or e-mail)?
  • Redress: Is the company prepared to provide each individual whose sensitive personal information has been breached with a means to contact the company and ask additional questions or obtain recommendations to minimize potential harms resulting from this breach?

He also identifies six mistakes that can cause a company’s reputation to tank, and gives 8 recommendations for remedial action after a data breach: steps that tell customers there has been a breach of their data and help them keep their faith in you. (via BeSpacific)
