Once a security incident has taken place, an organization must immediately respond to it. An effective breach response mechanism has the following steps:
Containment of the security incident: The first step is to contain the security incident immediately by trying to recover lost information, disabling the breached system, revoking or changing access codes, or fixing any weakness in the organization's physical or technical security. Containing the security incident enables the organization to mitigate the risks posed to data subjects.
Data breach assessment: The second step is to determine whether the security incident qualifies as a personal data breach. The definition of a personal data breach differs from one privacy law to another, so the organization must conduct the data breach assessment that is relevant to its jurisdiction.
Data breach risk severity assessment: Once a personal data breach has been confirmed, the next step is to evaluate the severity of the potential or actual impact on data subjects and the likelihood that this impact occurs. This assessment should take into account the nature of the harm that may be caused to data subjects, whether the breached personal data was sensitive, whether the breached personal data was protected by a security control, and any other relevant factors. The data breach risk severity assessment enables the organization to determine its breach notification requirements.
Breach notification: After the data breach risk severity assessment, the organization knows whether it is required to notify the regulatory authority, the impacted data subjects, or both. It must fulfill its breach notification obligations within the stipulated time frames to avoid penalties and sanctions.
Reviewing security controls: After every security incident and personal data breach, the organization must review and update its data breach response mechanism. It must assess the effectiveness of its security controls so that similar security incidents and data breaches are prevented in the future.
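As an added illustration of the risk severity assessment and notification steps above (not part of the original article), the following Python sketch combines the factors the text names (nature of harm, likelihood, sensitivity of the data, whether a security control protected it) into a severity level and maps that level to who must be notified. The weights, thresholds, and the severity-to-notification mapping are assumed placeholders, not taken from any specific privacy law, and the scenario at the bottom is constructed.

```python
from dataclasses import dataclass
from enum import Enum

class Severity(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"

@dataclass
class BreachFacts:
    """Facts gathered in the breach assessment step (constructed fields)."""
    sensitive_data: bool          # health, financial or identity data
    protected_by_control: bool    # e.g. encrypted and the key was not exposed
    harm: str                     # "none", "inconvenience", "financial", "safety"
    likelihood: str               # "unlikely", "possible", "likely"

# Assumed weights and thresholds, not taken from any specific privacy law.
HARM_WEIGHT = {"none": 0, "inconvenience": 1, "financial": 2, "safety": 3}
LIKELIHOOD_WEIGHT = {"unlikely": 0, "possible": 1, "likely": 2}

def assess_severity(facts: BreachFacts) -> tuple[Severity, list[str]]:
    """Rate the risk to data subjects and return the reasoning for the breach register."""
    score = HARM_WEIGHT[facts.harm] * LIKELIHOOD_WEIGHT[facts.likelihood]
    reasons = [f"harm={facts.harm}, likelihood={facts.likelihood}: base {score}"]
    if facts.sensitive_data:
        score += 2
        reasons.append("sensitive personal data involved (+2)")
    if facts.protected_by_control:
        score -= 2
        reasons.append("data protected by an effective security control (-2)")
    if score >= 4:
        return Severity.HIGH, reasons
    if score >= 2:
        return Severity.MEDIUM, reasons
    return Severity.LOW, reasons

def notification_targets(severity: Severity) -> set[str]:
    """Who must be notified; the mapping is assumed, real thresholds and deadlines vary by law."""
    if severity is Severity.HIGH:
        return {"regulatory_authority", "data_subjects"}
    if severity is Severity.MEDIUM:
        return {"regulatory_authority"}
    return set()  # low risk: record internally, no external notification

if __name__ == "__main__":
    # Constructed scenario: a laptop holding encrypted customer payment data is stolen.
    facts = BreachFacts(True, True, "financial", "unlikely")
    severity, why = assess_severity(facts)
    print(severity.value, sorted(notification_targets(severity)), why)
```

The returned reasons list is what you would record in the breach register alongside the decision, so the later review step can check whether the assessment held up.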