CIPM Ch 6 Repond Flashcards
Privacy incident response
Can often leverage an existing cybersecurity response plan
Data subject request and privacy rights
. Data subject requests include enabling data subjects to contact organizations
- to inquire about the use of that personal data,
-to enact corrections to the person information,
-to Lodge complaints,
-to request that their information be transferred to another organization,
-and to request that their rights be removed from an organization
Data subject request
. Inquiries and requests that a person may lodge with an organization
. Typically maintain a log of inquiries
. organizations must respond within a specific time frame which are sometimes spelled out in regulations
With the authorities
The most important ingredients to a successful relationship and encounter with external parties is the completeness and integrity of business information including the following:
.Up to date process information.
. Data flow diagrams
. effective processes
. Complete and accurate business records
Privacy incident response
Is any event in which one or more data subjects’ personal information has been inappropriately used or disclosed in a manner contrary to applicable laws or regulations or security or privacy policies
phases of incident response
. planning
. Detection
. Initiation
. Status updates
. Analysis
. Containment
. Eradication
. Recovery
. Remediation
. Closure
. Post-incident review
. retention of evidence
. Incident reporting
Planning
Steps involves the development of written response procedures that are followed when an incident occurs
Detection
Represents the time when an organization is initially aware that a privacy incident is taking place or has taken place
Initiation
Declaration of an incident, followed by notification sent to response team members so that response operations should commence.
Status updates
Incident Response Team should have established methodologies, formats, frequencies, and recipients of regular status updates to keep management and others formed as the incident investigation unfolds, progress, and leads to containment, and medication, recovery, remediation, and closer.
Analysis
Response team members analyze data to understand the calls, scope, and impact of the incident
Containment
Incident responders before more direct actions that halt the progress for the advancement of an incident in this phase
Eradication
Responders to take steps to remove the source of the incident
Recovery
Or recovered to their pre-incident state
Remediation
Involves any necessary changes that will reduce or eliminate the possibility of a similar incident occurring in the future
