Kroll Conversations: Meet the Breach Notification Experts

Getting back to business as usual after a data breach involves an array of legal, regulatory and reputational challenges. Enabling organizations to navigate these at pace is everyday life for Josh Toon and Dustin Roth. As part of Kroll’s Data Breach Notification team providing notification and call center services to hundreds of millions of people around the world, they ensure that organizations successfully protect their reputation, comply with their legal obligations and safeguard the interests of their customers.

Josh explains: “What is chaos for our clients is just another day for us. We’re here to  walk them through the breach notification process and make it as stress-free as possible.”

“We support the rest of Cyber and Data Resilience by being that final closure step on these events,” adds Dustin. “Assisting our clients with their breach notification engagements involves coordinating tasks, removing roadblocks and figuring out solutions to complex situations that result from a data breach. We want to make sure our clients are taken care of and that they feel great about how their event is handled.”

Addressing the many facets of a data breach calls for a diverse range of skills. This broad-ranging expertise is reflected in Dustin and Josh’s professional track record. Dustin has ten years of experience in the cyber and legal services industry, with a career spanning construction project management, retail customer care, technical project management and breach operations management. Likewise, Josh has over a decade of management, business operations and account management experience in diverse industries such as technology, sports, marketing, finance, software, sales and advertising.

Navigating Complexity

As security threats continue to evolve, breach notification must keep up. With data frequently crossing many jurisdictions—often simultaneously—businesses may need to comply with a varied patchwork of stringent notification regulations. In response, Josh, Dustin and the wider Breach Notification team at Kroll closely track the evolution and development of data privacy regulations around the world.

Alongside the complexities of shifting requirements in jurisdictions and industries, the team are observing concerning trends impacting key sectors, aligning with findings in Kroll’s 2024 Data Breach Outlook report. “One of the biggest trends we’re seeing right now is the growing impact of breaches on healthcare organizations,” says Josh. “For example, we've seen over a million people impacted from one data breach on just one healthcare organization. That’s a lot of very sensitive information being leaked.”

The two highlight yet another trend they have noted recently: the rise of third-party breaches. “These types of breaches take longer because they're more complex,” comments Dustin. “With a third-party data breach, our client is not the actual data owner or administrator so there's an entire other phase that takes place before you can get to the point of notifying. Organizations in those situations are in a difficult spot because they are trying to coordinate with their clients and control costs but also still retain those business relationships.”

Innovating Ahead of the Curve

With third-party breaches presenting extensive challenges, enabling clients to tackle them often involves the use of Kroll’s proprietary tech, explains Josh. “We're seeing a lot of third-party breaches where one client works with many subclients. For example, a breach at one company could end up affecting hundreds or even thousands of its clients. This is a huge issue in sectors such as healthcare and finance. We’re addressing that with Kroll Notification Navigator, our third-party breach management platform. Instead of companies having to worry about dealing with, for example, 1,000 breaches all at once, we have the technology that can manage all the information across the board for all affected clients under that one company. As a result, the one major company that was breached isn't being overloaded with all of their business relationships reaching out to them at once.”

Even more innovation is in the works: “Of course, no one ever celebrates the fact that they have had a cyber event, but once it ends, we want the clients to feel that the process was simple and easy. We're always trying to improve what we do to make our process even smoother for clients. As part of that, we’re currently working on some new breach notification technology in the back end to make our processing even quicker and more efficient.”

Beyond the Breach

In challenging times, every aspect that can help to advance recovery is important. Alongside continuous innovation and Kroll’s 20 years in the breach notification space, being able to access expert support from across the business makes a key difference to organizations under pressure. Dustin says, “Our One Kroll approach means that if a company has a breach event, they can come to Kroll and we have all the services they need from start to finish, whether that is forensics, document review or something else. That makes things much easier for businesses.”

According to Josh, great working relationships are yet another important element that help minimize the devastation caused by a data breach: “I think the big difference with Kroll is that our clients benefit from a close working relationship with us. Whenever a client or counsel works with us, they get to know us well, so they can rely on the fact that they're going to be supported by a team they've worked with consistently.”

All these elements serve to see companies through what is likely one of their worst times: “When a data breach happens, organizations are immediately put into a highly stressful situation. They're worried about litigation and costs,” says Dustin. “They're also worried about their reputation and just how the data breach is going to impact their business. So it is hugely rewarding for us to be able to identify what organizations’ challenges are and find solutions that fit, then complete the process and get feedback, with clients saying, ‘Wow, thank you; we are very appreciative. You really made this easy."

Discover Our Data Breach Notification Services