Establishing a team to manage the information breach

You need to ensure that you adopt a consistent, business-wide approach to any information breach.

To help you do this, you should establish an incident management (IM) team that includes members from legal, IT, compliance, human resources and public relations, as well as representatives from affected business units.

Key issues to consider include:

  • do you need to seek external expertise (eg forensic IT specialists, lawyers)?
  • if you already have a dedicated IM team in place, alert them immediately (subject to any possible conflicts)
  • ensure that everyone on the IM team is aware of the need for strict confidentiality
  • include at least one senior employee or board director in the IM team, so that you can take decisions quickly and secure resources and co-operation from the business
  • make sure responsibilities and lines of reporting are clear
  • the IM team must approve all responses to the information breach
  • you may need to form a second, parallel team to investigate the subject of the whistleblowing or disclosure, independently of the events surrounding the disclosure itself