Cybersecurity & Data Privacy Communications

Get Your Ducks in a Row: Communications Considerations in Anticipation of a Federal Data Protection Law

This article was first published via PR News.

For years, leaders in business and government in the US have recognized the need for a federal data privacy law. Now, it looks like it might happen1. Regardless of whether the American Data Privacy and Protection Act2 (ADPPA) passes, organizations should evaluate their data-privacy priorities and how they communicate them. Here’s what communicators should consider before federal data privacy governance becomes a reality.

Prioritize Data Governance and Communication

The primary question organizations need to be prepared to answer: What data do you have and why do you have it?

Consumers are more privacy conscious today than ever. In addition, they want to know where their data is going and why.

The call to action? Communicators should collaborate with data governance and privacy teams today. Become a stakeholder in conversations about what data is stored and why it’s collected. Ask hard questions about data collection now.  This will benefit your organization in the future.

In addition, communication professionals can help their tech colleagues understand the reputation risk of managing different types and volumes of user data.

For example, breaches and other cybersecurity incidents happen to everyone. It’s a matter of when, not if. As such, if an organization struggles to justify a relaxed data privacy policy in the heat of an incident, it will make recovery even more difficult.

Evaluate Your Value as a Partner

Not only does ADPPA reevaluate and guide how organizations collect and manage data, it puts service providers and third-party partners under the microscope.

As it currently stands, ADPPA requires organizations to conduct a thorough assessment of service providers and how they provide data to third parties. The need for trusted partnerships extends to communication: When companies share data, you become ‘in it together’ from a media perspective.

In fact, if a partner loses your customers’ user data, the media story may very well focus on you. Each new partnership introduces a reputation risk. So, it’s important to conduct due diligence now.

Similarly, it is critical to have a process for understanding the data privacy policies and concerns of the companies you work with.

Know the Media Landscape

Ahead of communicating with the media, make sure you understand to whom you’re talking and how they approach the subject.

For instance, when engaging with technology and privacy reporters about your company’s data privacy, ensure you understand their point of view. Data privacy is a huge concern for their audience members, who are incredibly knowledgeable on the subject.

Second, bring your philosophy to the table. Make sure the reporters understand your company has thought carefully about data privacy.

Different Reporters’ Pool

In the event of a cybersecurity incident, you’ll be working with a different pool of reporters. Cybersecurity reporters are intimately familiar with how breaches are reported. In addition, they will know the ins and outs of data privacy regulation.

Ahead of communicating with them, understand what the lifetime of a breach looks like, how stories will evolve and what information you should know now or soon.

Finally, when communicating within your industry, be ready to quickly educate trade reporters not well versed with cyber breaches. Work with them to lay out investigation timelines, your company’s policies on data storage and other pertinent information.

Act Today

Beyond these core tenets, organizations should have a point of view on data privacy and a corresponding communication framework. This is so regardless of whether or not ADPPA proceeds. A strong stance on privacy will build trust with stakeholders: customers, boards, employees and regulators.

There’s no hiding from the increasing focus on data privacy. So, act now to make communication easier down the road.

——

[1]: https://prnewsonline.com/data-privacy-eu-us-china

[2]: https://www.congress.gov/bill/117th-congress/house-bill/8152

 

Editor’s Note:

Kelly Miller will speak about data protection during a panel at PR NEWS’ Measurement & Data Summit, Sept. 8, in New York City.

Click for more information

 

The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

©2022 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com

Related Articles

4th Annual Shareholder Activism State of the Market

September 8, 2025—4th Annual Shareholder Activism State of the Market Request Report The 4th Annual Shareholder Activism State of the Mark...

Use It or Lose It: U.S. Hydrogen Industry Must Act To Maintain Momentum

July 12, 2025—Key takeaway: Following the passage of the “One Big Beautiful Bill Act”, time is of the essence for hydrogen produce...

Quick Analysis: ‘One Big Beautiful Bill’ Drives More Gas and Batteries, Less Renewables

July 3, 2025—With the recent passage of the “One Big Beautiful Bill” (“OBBB” or the “Legislation”),[1] FTI Consulting’s...

The Next Chapter for A&D: Why Today’s IPO Wave Could Fuel Tomorrow’s M&A Boom

July 8, 2026—In recent years, emerging aerospace and defense companies have been transitioning from developing and demonstrating new ...

IR Monitor – 8 July 2026

July 8, 2026—In this week’s newsletter: The stories that investor relations professionals need to read this week: FTI on narrative...

FTI Consulting Appoints Dilip Kejriwal as Managing Director in Capital Markets Practice

July 6, 2026—London, 6 July 2026 — FTI Consulting, Inc. (NYSE: FCN) today announced the appointment of Dilip Kejriwal as a Managing...