4 Things You Should Include In Your Data Breach Response Plan

4 Things You Should Include In Your Data Breach Response Plan
– By JAKE OLCOTT

Data breach response pages can be tens to hundreds of pages long depending on the size of your organization and the criticality of your data. Following a set data breach response template isn’t advisable because different organization have different infrastructure and their unique scenario.
The following are four must have points for a data breach response plan:

1. The type of data that constitutes a data incident.
• Incidents or breaches that involve legally protected information such as PII or PHI which requires immediate notification to affected users.
• Incidents or breaches that represent a small material loss to the company which may not require notification to stakeholders.
2. The parties responsible during a data breach.
• IT/IT Security Department
• Legal Department
• Communications Department
• HR Department
• Executives
3. The internal escalation processes:
When a data incident occurs on your network, you need a rock-solid internal escalation process established for escalating the incident up through your organization.
4. The external escalation process:
Aside from escalating a data incident inside your organization, you also need to include the external escalation process in your data breach response plan.

Reference:
1) JAKE OLCOTT, “4 Things You Should Include In Your Data Breach Response Plan,” February 16, 2017 , https://www.bitsighttech.com/blog/data-breach-response-plan-4-things-include