May 25, 2016Don’t let a data breach catch you without a plan for talking with reporters and the public, said panelists at a Day 2 session at the CNP Expo in Orlando, Fla. “The worst thing you can do is stumble,” said John Stewart, editor of Digital Transactions. “Don’t stumble. Don’t lie. Don’t make things up. And return calls, saying as much as you can.” The panel of journalists and industry PR spokespeople on Wednesday recommended being open and honest following a data breach. “Don’t say, ‘I don’t know,'” said Patrick Dix, senior public relations manger for debit network provider SHAZAM. “Instead, say this: ‘That’s a really good question and one we’re working on.'” Also, experts on the panel urged audience members to make any plan broad and flexible. “You need to make sure you have a plan that covers a wide variety of incidents,” said Leigh Nakanishi, senior vice president at Edelman, a Chicago-based communications firm that has worked on several high-profile data breaches. Also, panelists said, it’s vital to coordinate between the departments involved. Make sure the tech team understands the role of the public facing team and make sure the PR team understands what the tech team is saying. And haste is crucial. A story can get out of control within hours, Stewart noted. “In this age of Twitter, it could be 30 minutes,” he said. But, companies that work on a reaction plan months and years in advance will not be caught flatfooted and may be able to avoid a crisis, Dix said. Building relationships with reporters in your market and nationally is critical. “If you’ve established some sort of rapport, it’s a lot easier,” Marco Santana, business reporter at the Orlando Sentinel, said. “It’s a matter of being open and up front about things. You want to be in front of that story.” Nakanishi agreed and said companies facing public disclosure of a breach should seek out knowledgeable, fair reporters and give them the story first. Most importantly, don’t make yourself look guilty. “I ask people, ‘Did you do anything illegal or malicious?’ Then don’t act like it,” Dix said.