Data Breach Response Plan

Do you know how to properly report a Data Breach?

A data breach is any instance in which there is an unauthorized release or access of PII or other
information not suitable for public release. This definition applies regardless of whether an
organization stores and manages its data directly or through a contractor, such as a cloud service
provider. Data breaches can take many forms including:

  • hackers gaining access to data through a malicious attack
  • lost, stolen, or temporarily misplaced equipment (e.g., laptops, mobile phones, portable thumb drives, etc.)
  • employee negligence (e.g., leaving a password list in a publicly accessible location, technical staff misconfiguring a security service or device, etc.)
  • policy and/or system failure (e.g., a policy that doesn’t require multiple overlapping security measures—if backup security measures are absent, failure of a single protective system can leave data vulnerable).

In some cases, an organization may discover that control over PII, medical information, or other sensitive information has been lost for an unspecified period of time, but there is no evidence that data has been compromised. In such an instance, unless applicable federal, State, or local data breach notification laws would define this as constituting a breach, it would be up to the organization to determine whether to treat the incident as a full-scale breach or as inadequate security practice requiring immediate correction.

Kaliber’s Certified Information Security Professionals can help you construct a relevant, usable, compliant Data Breach Response Plan as part of a comprehensive Information Security Management System. In this way, your organization will know how to react properly given the circumstances of the breach.

In an article in Computer Reseller News (view article here), Kaliber’s President, Ken Leeser, said, “People want sunshine and insist that the breached organization shed light with clear and concise information about the matter. People accept the bad things that happen, but it’s how you respond that ultimately determines public opinion in the marketplace.”

Contact us today so that we can help you with a Data Breach Response Plan to protect your reputation and comply with notification regulations should your organization suffer a loss of confidential information.