The purpose of a Breach Response Plan (BRP) is to empower your organization to respond to a privacy event in an efficient and cost-effective manner.
Breach Response Plans are designed to:
- Minimize damage to affected individuals
- Lessen business losses associated with a breach
- Report effectively to the necessary regulatory and governmental agencies
- Reduce the likelihood of class-action litigation
- Avoid similar data privacy events in the future
An effective BRP starts with a Breach Response Team. An Internal Breach Manager is assigned to direct and manage this team. Once the internal response team is in place, three external expert resources should be engaged, each answering its own set of questions.
Legal Team (Breach Coach):
- Is a computer forensics investigation needed?
- Are breach notifications required?
- What is the potential for regulatory fines or penalties?
- What is the potential for legal action?
- What are your next steps?
Computer Forensics Team:
- How did it happen?
- When did it happen?
- Is it still happening?
- Who did it happen to?
- What was/wasn’t accessed or acquired?
Public Relations Team:
- Who needs to be notified?
- What method of notification will be used?
- What is our company message regarding the incident?
- How do we prepare for customer response after PR announcement?
In the wake of a data breach there will be a tremendous number of important and difficult questions requiring a prompt response. Without a carefully prepared Breach Response Plan, you or your clients could end up among the 62% of businesses that fail within six months of a data breach.