Develop an Data Breach Incident Response Plan
An effective data breach incident response starts with a thorough privacy program and advance planning for risks and responses to data breach incidents. This involves input and cooperation between company data protection officers, c-suite leadership, and internal or external legal, IT, and vendor support. Developing a Privacy Program is discussed in more detail
here.Regardless of whether your business has properly planned–or you are responding in an emergency–your incident response will be individualized based on the nature, scope, and breadth of the incident. For example, an external attack verse an insider threat will obviously impose different considerations. Nonetheless, the planning and framework for the incident response are invaluable, even if the actual response differs from the initial planning.
Data Breach Incident Response Phases
The incident response phases may include:
- Preparation
- Investigation
- Containment
- Eradication
- Recovery
- Lessons Learned
Regardless of when you become aware of an incident, it is essential that you work with your security and operational leaders (whether employees, contractors, or vendors) to effectively respond. This response will ultimately determine your legal compliance (
all fifty states now have a data breach notification law) and the risk/cost to your business related to the incident. This can include legal liability, but it also includes your customers’ and clients’ trust in your company going forward.
Consult with a Privacy Professional
Whether it is legal compliance or reputational impact, your company’s incident response may determine whether your company survives. For these reasons, don’t delay planning.
Contact our office to discuss the services that we can provide and the partners with whom you can connect to facilitate your incident response.
