It is critical that all companies have in place a data breach response plan which includes the names of all persons charged with response duties, sets out each person's tasks, states when and in what order those tasks should be done, and identifies which outside parties (e.g., law enforcement authorities, media relations personnel, breach response consultants) should be contacted after breach discovery.

Of course, simply having a plan in place is of little value if not kept current, and regularly tested. A recent industry-recognized study found that a majority of businesses surveyed had a data breach response plan in place, but many were not confident in their response and did not practice their plan through discussions or drills. In the words of Peter Drucker, "Plans are only good intentions unless they immediately degenerate into hard work." It is important that each business not only have in place a robust breach response plan, but be ready to put that plan into action on a moment's notice.