Establish a team to help you manage the data breach
It is important to ensure a coherent and consistent approach to any data breach across your business. You should therefore take the following steps:
- establish a "breach" or "incident" team to help you deal with the data breach
- your breach team should comprise members from your legal, IT, compliance, human resources and public relations teams as well as representatives from affected business units
- if you already have a team in place, alert them immediately (subject to conflicts of interest)
- remind the team of the importance of confidentiality, even within the business
- include at least one senior employee or board director in the team to enable decisions to be taken and acted upon quickly and to secure necessary resources and cooperation from the business
- team responsibility and reporting lines must be absolutely clear
- all actions to stop, mitigate, respond or otherwise deal with the data breach should be approved by the team
