10. Respond: Data Breach Incident Plans Flashcards
“All breaches are incidents, but not all incidents are breaches”
Incidents vs Breaches
Incident - compromises the confidentiality, integrity or availability of data and may not require notification.
Breach - results in the confirmed disclosure of data to an unauthorized party and requires external notification.
Only the Privacy Office or Legal Office should declare a breach.
Data breaches can involve risks to both organizations and individuals
Examples of how incidents can occur
Malicious actors
Human error
System glitches
Creating an Incident Response Plan
- How to protect privilege
- Roles and responsibilities of team members
- How to escalate possible issues and report suspicious activities
- Severity rankings
- Interactions with external parties
Breach Causes and Responsibilities (LN)
Top Causes of Data Breaches:
- Malicious Attacks
- Criminal Attacks
Organizations are required to determine:
- Who is liable for harm
- Who should notify affected individuals
Examples of Breach Preparedness - “No definitive way to detect a breach”
Preparedness - focuses on measures for responding optimally to a breach.
Training and Awareness - are vital in preparing for an incident.
Tabletop Exercise - a common incident preparedness training activity.
Incident Response Planning - creating one is key to organizational preparedness.
Response Tasks may happen in parallel to one another:
- Securing your operations
- Notifying appropriate parties
- Fixing vulnerabilities
Securing Operations Involves:
- Mobilizing the breach response team
- Analyzing vulnerabilities & addressing third parties
- Managing expectations around communication
Breach Communication
News of a Breach: coordinate efforts across the predefined steps and keep messaging consistent.
Internal and External Communication should be delivered around the same time.
Internal Communication (to employees only) - no legal requirement to notify; may be the best option depending on the circumstances.
Breach Involvement
Breach Investigation - occurs once breach investigators conclude that sensitive information has been compromised.
Breach Reporting Obligations - vary by jurisdiction but tend to adhere to certain principles:
- preventing harm
- collection limitation
- accountability
- monitoring and enforcement
- mandatory reporting
Breach Categories of Cost
- Legal
- First Party
- Remediation
- Intangible Costs
Several factors can impact the per-record cost of a data breach.
Data breaches provide opportunity for organizational change and growth.
Reporting Obligations to Know
Internal announcements:
- align with external
- FAQs
- Response training
- Explanatory info
External announcements:
- Regulator notification
- Letter Drops
- Call center launch
- Remediation offers
- Progress reporting