
Data Breach Response Plan | Templates & Resources

What is a data breach?

The definition seems obvious for any organization.  A data breach occurs when data that was supposed to be protected from unauthorized access is exposed.

What may not be as clear-cut is all the ways that sensitive data can be compromised. These include malicious attacks, accidental mistakes, and employee incompetence. Confidential information can fall into the wrong hands during electronic file transfers, through access to lost or stolen devices, or because hackers have infiltrated a company's servers. Even sending an unsecured email could qualify as a data breach, depending on the information it contained.

What is your data breach response plan?

Sometimes known as an incident response plan, a data breach response plan is a critical component for ensuring your company is able to properly respond to a data breach. As complex as the causes of data breaches can be, the steps for responding are fairly straightforward, though time-consuming, stressful, and expensive.  Dealing with the breach will be monumentally more challenging if you don't already have a data breach response plan in place.

Generally agreed-upon steps include:

  1. thorough, extensive documentation of events leading up to and immediately following the discovery of the breach
  2. clear and immediate communication with everyone in the company about what happened, and how they should respond to any external inquiries
  3. immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved
  4. identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem
  5. development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided


4 Data Breach Resources

If your company does not yet have a data breach plan in place, or if you've been thinking it might be time to update your current policy, here are four great resources that you'll want to review.

Data Breach Response Guide (Experian Data Breach Resolution Team)

Here is a comprehensive 27-page PDF that covers creating your data breach response plan, practicing your plan, responding to a data breach, and auditing your plan.

Security Breach Response Plan Toolkit (International Association of Privacy Professionals (IAPP))

Use this questionnaire to guide the development of your incident response plan.  Involve your executive and IT team so everyone can better understand all facets of the process.

Specifically designed for small businesses, the BBB provides a series of articles and resources to help companies understand the issues surrounding data security, as well as how to build a response plan.

Model Data Security Breach Preparedness Guide (American Bar Association)

For those with limited access to legal counsel, this PDF provides an overview from the legal perspective of how to prepare for a data breach.  It obviously isn't a substitute for seeking advice from a lawyer who knows or can learn the details of your specific situation as well as the laws that apply in your state and industry.  However, it does provide some good general information that could help you launch a discussion with your legal team.

Definitions of Personal Information and Breach of Security by State (Baker Hostetler law firm)

If your company does business in more than one state, this is a great starting point to review how different states' data breach laws compare.  Again, it doesn't take the place of your legal team, but it's a helpful overview.

What other resources do you know about that should be included in this list?  Let us know in the comments!  

 


 

 

 

 

 

 

