How Do You Handle a Data Breach?
In today’s modern world, data breaches are a reality. While nobody wants them to happen, the reality is they do happen. Nowadays, it is no longer a matter of when a PDPA breach or data breach will occur. It has become a question of when.
Many businesses and organisations are now asking themselves how they should contain and handle a breach when it occurs. If anything, the importance of having a plan in the event of a data or PDPA breach is considered important.
Data breaches can have serious repercussions for a business and the fallout from a major data breach can result in loss of customers, financial penalties, drop in the share price, and damage to brand reputation.
How Data Breaches Happen
There is a misconception that data breaches are caused by outside hackers alone. While data breaches can be attributed to intentional attacks, it can also result from simple oversights by employees. Additionally, it can be caused by flaws in the company’s infrastructure.
Below are some of the ways a data breach can occur:
- Accidental Insider
- Malicious Insider
- Stolen or Lost Devices
- Malicious Outside Criminals
How to Handle a Data Breach
If there is a breach in your organisation, you need to act quickly to prevent any further damage. The first 24 hours will be crucial so the incident can be managed effectively. Below are five of the best practices you should look into in the event of a data breach:
Identify the Breach
Once the organisation finds out that a privacy breach is in process, the immediate concern would be to stop the breach from continuing. In line with this, businesses need to identify how the breach happened—whether it’s from malware, phishing attack, or through leakage from a mobile device or laptop.
All exit and entry points within the system need to be monitored closely. As soon as the breach has been identified, a containment strategy has to be carried out to ensure hackers won’t be able to gain further access to valuable data.
Assemble an Incident Response Team
When there is a data breach, specific individuals within the organisation should have responsibilities and roles that are defined to effectively manage the situation and make decisions accordingly.
The contact details of key personnel need to be circulated throughout the organisation so employees will know who to get in touch with in the event of a data breach. If the breach is extensive, an external expert may be appointed to assess the damage thoroughly.
As personal data breaches need to be reported by the controller within 72 hours, this step should be a top priority. Focus should also be given to providing all the information to the Data Protection Officer (DPO).
Notify the Relevant Parties
The DPOwill need to inform the Data Protection Authority if the organisation is the controller of the personal data. If the risk to the freedom and rights of data subjects is high, the data subjects should also be informed by the DPO.
Communication should also include the contact details of the DPO, actions already in place, details of the breach, the possible impact, and those that are being initiated to minimise the impact of the breach.
Contain, Deep Dive, and Notify
While the Data Protection Officer notifies the relevant authorities, it is crucial that the incident team continues to deep dive on the following:
- Ensuring all the possible measures to minimise the risk and making sure any further unauthorised access is contained.
- Continuing to refine the estimate of the data breached and the types of data that were breached.
Monitor and Review
Once the breach has been contained, the organisation needs to conduct a review of existing measures and explore every possible way in which the measures can be strengthened. This is done to prevent a similar breach from happening again. It is also important that you keep a log of the actions taken and a data breach register.