The risk management technology company Intersections Inc. and the Identity Theft Assistance Center were expected to unveil Breachcenter.com today, a Web site where companies that have suffered a data breach can share their experiences.
Since data breaches often catch companies unprepared, the flow of information about the incidents tends to be slow, which can aggravate the harm, John Scanlon, Intersections' chief operating officer, said in an interview last week.
"We've found that there are many, many sites that focus on the technical aspects of breach recovery — the forensic analysis and those kind of things — or the breach prevention space," he said, "but there really isn't a central point of information for companies to deal with what we refer to as the human side of breach response."
Breachcenter.com can help the companies understand their legal obligations regarding notifying those who may be affected, he said, and also let them understand that they are not the only victims in the event of a breach.
"In some sense, the company is a victim, but when you take it from the perspective of consumer advocates and media and regulators … , they don't view the company as a victim. They view them, at best, as an unwitting enabler and at worst as a perpetrator of some harm being done to consumers," Scanlon said. "It's a really tough message for a company to accept in the heat of a breach happening."
Anne Wallace, ITAC's president, said that one of the challenges faced by Breachcenter.com is that "the kind of people who are in charge of planning and response to a breach may not be used to sharing their thoughts. They may not be used to social networking."
She and Scanlon said that, to address this, their organizations are planning to encourage companies to participate on Breachcenter.com.
The site's focus is a "wiki," a community-fueled knowledge base that includes information about how best to address these concerns. Intersections and ITAC both plan to contribute to blogs on the Web site, as well as to a discussion group.
The two entities worked together previously on the Sentinel identity theft recovery product that was designed to help consumers and businesses.