Data breach notifications don’t need to be scary

Ever since the GDPR was introduced, the subject of data breach notifications has worried a lot of people. How do you write one? What do you need to include? What will the ramifications be? Will it make your customers run for the hills? Will it get you fired?

I’ve got news for you, courtesy of, one of the technology websites I subscribe to. They can be polite, informative, and leave a favorable impression. This is an email I received from them the other day:

The email gives the background, the details, the steps they’ve taken to mitigate the risk, the option to reset my password – everything I would want to know in just 286 words. It doesn’t pull any punches, but neither does it come across as an apology on bended knees.

The subject line of the email, incidentally, was “Notification of a potential data security breach of your password”. Honest, open, and enough to make me read the email – and then be reassured by its content.

So if you’ve been wondering what to do if you have to write a data breach notification, a good first step is to follow the example of They’ve done a lot of the hard work for you.

And, yes, I remain a subscriber.

If you’d like to know more about data breach notifications, there’s a fascinating article by William Brewer on Redgate’s technical journal, Simple Talk.