4 Things You Should Include In Your Data Breach Response Plan
\n\u2013 By JAKE OLCOTT<\/p>\n
Data breach response pages can be tens to hundreds of pages long depending on the size of your organization and the criticality of your data. Following a set data breach response template isn\u2019t advisable because different organization have different infrastructure and their unique scenario.
\nThe following are four must have points for a data breach response plan:<\/p>\n
1. The type of data that constitutes a data incident.
\n\u2022 Incidents or breaches that involve legally protected information such as PII or PHI which requires immediate notification to affected users.
\n\u2022 Incidents or breaches that represent a small material loss to the company which may not require notification to stakeholders.
\n2. The parties responsible during a data breach.
\n\u2022 IT\/IT Security Department
\n\u2022 Legal Department
\n\u2022 Communications Department
\n\u2022 HR Department
\n\u2022 Executives
\n3. The internal escalation processes:
\nWhen a data incident occurs on your network, you need a rock-solid internal escalation process established for escalating the incident up through your organization.
\n4. The external escalation process:
\nAside from escalating a data incident inside your organization, you also need to include the external escalation process in your data breach response plan.<\/p>\n