Privacy Operational Lifecycle - Section III.E. - Respond: Privacy Incidents Flashcards
True or False: The average cost associated with responding to a data breach has risen significantly in the past two decades.
True
What is a privacy incident?
An adverse event or action that is unplanned, unusual, and unwanted, and that occurred as a result of non-compliance with an organization's privacy policies and procedures.
What aspects of a data breach response plan should be reviewed as part of incident follow-up?
(1) Staffing and resources;
(2) Containment, including timing and processes;
(3) Commitment of executive leadership;
(4) The roles of response team members and other stakeholders; and
(5) The notification process.
What steps does the FTC recommend in providing notice to affected data subjects that a data breach has occurred?
(1) Consult with law enforcement so as not to impede any investigation;
(2) Designate a point person for external contacts; and
(3) Consider offering a year of free credit monitoring and other support to affected individuals.
What is required of organizations that hire third-party call centers for customers to contact as part of their data breach response plans?
Draft the scripts for call center workers to utilize,
provide training to the call center’s quality assurance team,
analyze reports prepared by the call center, and
maintain adequate staffing.
What is the most common term used to describe the amount of time an organization has to provide notice to affected data subjects once it is determined that a data breach has occurred?
At the most expeditious time possible and without unreasonable delay.
Who typically leads an organization’s response to a data breach?
Legal counsel.
What types of expenses are typically covered by cyber insurance?
Legal expenses;
Forensic analysis;
Negotiation or payment of ransomware;
Data restoration expenses;
Breach notification expenses;
Public relations consultations;
Identity restoration;
Fines or penalties;
Security and system failures; and
Contract expenses.
What are some of the benefits associated with training employees how to respond to a data breach?
Helps expose gaps in procedures before an incident occurs,
Increases security (i.e., lowers the risk of a breach),
Lessens long-term costs, and
Better maintains an organization’s reputation in the event of a breach.
What are the four steps the FTC recommends after confirming that a data breach occurred?
(1) Secure operations;
(2) Analyze and fix vulnerabilities;
(3) Notify affected parties; and
(4) Take proactive steps to limit future breaches.
Does developing a data classification schema increase or decrease the cost of responding to a data breach?
Decrease.
What steps should be taken in preparation for responding to a privacy or security incident?
(1) Develop an incident response plan;
(2) Implement appropriate training;
(3) Understand key roles and responsibilities;
(4) Obtain insurance coverage, if appropriate; and
(5) Effectively manage third-party data vendors.
Does business continuity management increase or decrease the cost of responding to a data breach?
Decrease.
True or False: The average cost associated with responding to a data breach is pretty consistent across jurisdictions globally.
False. The cost of responding to a data breach varies significantly across jurisdictions, with the United States being the country with the highest average response costs.
Other than lowering the cost of responding to a data breach, employee training can also lower [blank].
The frequency with which privacy incidents occur.
What is an incident register?
A document or record of every incident that has taken place within an organization, on a select project, or at a specific location, such as a privacy incident register.