Most companies lay out incident response plans that can be referenced when an earthquake strikes their corporate headquarters or when a fire breaks out in one of their call centers. But how many organizations would know the first step to take after a data privacy incident? It’s essential that a well-thought-out plan be created and tested well in advance of such an event, because companies with a strong incident response plan tend to fare better and incur less cost than those without a plan.
What is a data privacy incident?
Incidents can result from more than just hacking or criminal behavior. A variety of circumstances can lead to an event:
• A lost laptop containing unencrypted client, patient, or employee data
• Donated file cabinets containing employee files
• Network intrusion into sensitive files
• A rogue employee selling personally identifiable information of customers and employees
• A lost back-up tape
What is an incident response plan?
As defined by TechTarget,* an incident response plan is an organized and documented approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits the damage, reduces recovery time and costs, and supports an organization’s defensible position. An incident response plan includes a policy that defines what constitutes an incident and also provides a step-by-step process that should be followed when an incident occurs.