Execute your data breach response plan

  • Alert your incident response team, which should include legal counsel
  • If you do not have a data breach response plan, legal counsel can coordinate the response
  • Engage your public relations/crisis management team

Engage your legal counsel and privacy compliance teams

  • Identify legal obligations
  • Identify contractual obligations

Identify and notify insurance providers

  • Work with legal counsel to identify potential coverage and notify insurers

Identify the scope of the breach

  • Determine what personally identifiable information is at risk
  • Determine if other information, financial accounts, or systems are at risk

Have a computer forensics expert investigate and fix the breach

  • Secure compromised devices and preserve evidence
  • Find out if any countermeasures, such as encryption, were enabled when the compromise occurred
  • Analyze preserved or reconstructed data sources
  • Ascertain the suspected number of people affected and the type of information compromised

Inform law enforcement as necessary

Prepare communications to affected/required parties

  • Consider requirements under state notification statutes and federal rules, such as:
    • Indiana Disclosure of Security Breach Act, Ind. Code § 24-4.9-1.1, et seq.;
    • Indiana Notice of Security Breach Act, Ind. Code § 4-1-11, et seq.;
    • Ohio Security Breach Notification Act, R.C. 1347.12 and 1349.19–.192;
    • Illinois Personal Information Protection Act, 815 ILCS §§ 530/1 to 530/25; and
    • HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414.
  • Note: The notification laws that apply vary based on the information disclosed and the parties affected
  • Some state statutes require notice in as few as ten (10) days
  • If export-controlled information may have been compromised, work with legal counsel to determine whether voluntary disclosure is appropriate
  • Involve your public relations/crisis management team in the communications

Afterwards, identify lessons learned

  • Re-evaluate your breach response plan
  • Revisit and strengthen data security measures
  • Consider changing processes to prevent a future breach