Response Plan For A Data Breach

Alice M. Porch, Esq., CIPP/US, C|EH, Security+Cyber Security

To rise above the aftermath of a data breach, a business needs to prepare a contingency plan. Whether a company discovers a system intruder or becomes infected with malware, the damage must be minimized.

An Incident Response Plan (IRP) should be in place to quickly rollout a recovery procedure. An IRP focuses on actions to prepare and recover from a breach. A manager developing an IRP should consider five important objectives:

  1. Preparation: Designate responsibilities and establish procedures to handle an incident.
  2. Detection: Identify an incident early and analyze the cause of the incident.
  3. Investigation: Apply resources to identify the intruder and mitigate any damage.
  4. Restoration: Return operations to normal and reduce losses by containing the incident.
  5. Resolution: Determine corrective actions and provide guidance to management.

Cyber Breach Aftermath

Once the situation is under control and operations are returned to normal, the designated manager must immediately deal with the aftermath. First, the manager should report the intrusion to the police. Next, the manager should evaluate the damage and notify any insurance carriers. State officials may also need notification if required under state law.

If the intruder compromised any personal information, the victims will need to receive a breach notification letter. Many state breach laws require reporting the breach to the credit bureaus depending on the number of victims. Finally, the company should offer victims theft prevention services as a courtesy, such as credit monitoring, identity protection, and access to a call center for assistance.

Every company should take extreme care with handling a data breach. Recovery may involve more than simply restoring backups. As a business strategy, how a company handles a breach will reflect on its branding and goodwill with the public. Importantly, if a breach happens, having an IRP in place could make the difference between crashing the business or sailing to a full recovery.

Share this article!

Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.