The security incident or data breach may pose harm to customers or individuals affected by the incident. Quick action may be necessary to contain the incident or shut down some portion of the network or system while assessing how the security incident occurred. The plan should identify who to contact and when (e.g., information security consultant? Forensics? Law enforcement?).

Incident Report System. There should be a reporting system in place that allows security incidents and data breaches to be tracked as they happen and records to be maintained of any investigation and its result.

Simulated Breach. Conducting a mock security incident may help the business test the plan, evaluate the incident report system, and make any changes necessary. Like fire drills, these mock incidents or simulated breaches will also better prepare a business in the event of a real security incident or data breach.

First Steps. The top priority is to fix the problem and take all necessary steps to protect the data. Can the fix be accomplished with internal resources? Does the business have a forensics or technical consultant ready to immediately become engaged as necessary to investigate and resolve the incident? Notification requirements under various state and federal laws need to be reviewed promptly to determine whether a breach notice is required, as well as the timing of any notice, the appropriate recipients, and the content of such notice.

Communications - Is it a Breach that Requires Notice? Is the security incident even a breach that requires notice to consumers or individuals? What about government agencies and the media? If notification letters are necessary, what should they say and when should they be sent? Notification requirements vary by state, as does the definition of breach. In some cases, a business may decide to send a notice to all consumers affected even if the state where the affected person resides does not require it.
Regardless of the legal requirements, the business should have a person experienced in handling data privacy and security responsible for