Feb 2022
Stop, Drop and Respond. Taking the panic out of a data breach.

Your heart rate increases, palms a little sweaty – your phone has pinged with the news that there has been a data breach. You’re not yet sure of the who, what or how, but one thing is for sure – you need to act swiftly.

When a cyber security incident or data breach happens to you here is what you need to have in place as immediate actions.

The key steps that need to be taken are to contain the breach, assess the extent of the breach and the kind of information that has been compromised, and then determine if the breach is notifiable and act accordingly.

It’s no secret that a quick response to a data breach is critical to managing the breach as effectively as possible. But… here are the first practical steps that you would take when faced with the news that your system is compromised.

As with ghosts and other threatening spectres, the first question that comes to mind is “who you gonna call?” – and this really is a critical first step toward activating a response plan in the event of a breach. Know who the members of your organisation’s response team are. You need to be able to quickly and easily identify the person or people who will report and escalate any actual or suspected data breach.

The next question to consider is how are you gonna call? If your organisation’s intranet is compromised for example, do you have the contact details of the relevant personnel?

It is key to success to know who to contact and how to do it. Increase your response readiness by knowing your external assistance providers such as IT, cyber security, crisis management and legal advisors.

When the need to take swift action is so pressing, sometimes it’s the smallest details that can create the largest delays to activating your beautifully crafted data breach response plan. Make sure that you and your colleagues know exactly how to activate your organisation’s response plan by preparing an ‘Emergency Data Breach Response Card’ that can sit in your wallet or on your mobile device.

Having the key contacts and critical first steps in an easy-to-use wallet-sized card, you could help take the panic out of a data breach and grease the wheels for a quick and effective response that ensures the best outcomes for you, your organisation and any affected individuals. If you would like to contact me for template you might use in your organisation, drop me an email on brett.farrell@carbonlawpartners.com.

Brett Farrell provides strategic legal advice for companies that are digital first or on a digital transformation journey through his substantial experience in data protection and privacy. If you’d like to chat with Brett about legal support he can offer your business, get in touch.