To prevent personal data breaches, organizations must implement appropriate security controls relevant to the circumstances of data processing. Such security controls may be preventative (security measures to limit the personal data breaches) and remedial (mitigation measures to limit the impact of a personal data breach that has happened) in nature.
Organizations must consider the following factors while choosing an appropriate security control for the protection of personal data:
In addition to the considerations above, an ideal security control must have the following abilities:
Despite security controls, security incidents will inevitably take place. However, not every security incident qualifies as a personal data breach and not every personal data breach is required to be notified to the regulatory authority and impacted data subjects. Therefore, every organization must have an effective and robust breach response management process. It must have a mechanism in place to determine when a security incident is considered a personal data breach, when a personal data breach needs to be notified, identify areas of improvement, and implement necessary remediation measures to reduce consequences on data subjects.
PO Box 13039,
Coyote CA 95013