Organizations that experience data breaches must move quickly to assuage the fears of their constituents and go beyond expectations to address the situations effectively, according to those most familiar with the incidents.

Speaking at the ongoing Security Standard Conference in Chicago, a pair of experts offered advice for handling situations where sensitive user or customer data is lost or stolen, and examined the missteps taken by retailer TJX Companies in handling its now-notorious credit card information theft.

First to the podium was David Escalante, director of computer policy and security at Boston College, which in March 2005 experienced a break in to a server containing sensitive alumni fund-raising information.

By addressing the situation head-on and moving to inform anyone whose data may have been exposed in the incident -- which was ultimately blamed on a third-party IT services provider that managed the affected system -- Escalante said BC was able to minimize the impact of the event and quickly move on.

"This was probably the low point of my career," said Escalante. "But while it was a bad thing to have happen, it seemed at the time that we were doing the right things to handle it, and I'm glad to say that turned out to be the case."

Less than two weeks after BC discovered the breach, the school had assembled a comprehensive incident response plan and had mailed out 100,000 warning letters to anyone whose data may have been stored in the system.

By aggressively seeking to communicate with its constituents, including setting up phone lines on which its alumni could call and complain about the issue, the school was able to move past the situation and better prepare for any future breach events, he said.

Among the tips that Escalante offered for managing such a crisis was to huddle different organizational officials "like a football team" and loop in everyone from the school's public relations department to its campus police force and IT management groups.

By creating a cross-organizational strategy to handle different aspects of the breach, the administrator said, the school was able to assemble the right mix of people to work on different tasks -- from applying computer forensics to study aspects of the breach itself to aligning the right mix of leadership to oversee the entire response process.