4 Things You Should Include In Your Data Breach Response Plan
– By JAKE OLCOTT
Data breach response plans can be tens to hundreds of pages long, depending on the size of your organization and the criticality of your data. Following a set data breach response template isn’t advisable because different organizations have different infrastructure and their own unique scenarios.
The following are four must-have points for a data breach response plan:
1. The type of data that constitutes a data incident.
• Incidents or breaches that involve legally protected information such as PII or PHI, which require immediate notification to affected users.
• Incidents or breaches that represent a small material loss to the company which may not require notification to stakeholders.
2. The parties responsible during a data breach.
• IT/IT Security Department
• Legal Department
• Communications Department
• HR Department
• Executives
3. The internal escalation processes:
When a data incident occurs on your network, you need a rock-solid internal escalation process established for escalating the incident up through your organization.
4. The external escalation process:
Aside from escalating a data incident inside your organization, you also need to include the external escalation process in your data breach response plan.
Reference:
1) JAKE OLCOTT, “4 Things You Should Include In Your Data Breach Response Plan,” February 16, 2017, https://www.bitsighttech.com/blog/data-breach-response-plan-4-things-include
Yingyan Wang says
Hi Nishit,
It is good to know the four things that should be included in a data breach response plan: 1) The type of data that constitutes a data incident, 2) The parties responsible during a data breach, 3) The internal escalation processes, 4) The external escalation process.