Taking urgent steps to bring the information breach to an end and to recover the information

The incident management team should:

  • stop any continuing information breach
  • prevent any repeat or related future breach. Where it is not possible to stop the information breach immediately, take such steps as are possible to mitigate any ongoing information breach. Some of the measures you might consider include: 
    • introducing immediate encryption of relevant data
    • introducing or increasing employee e-mail/internet surveillance
    • introducing whistleblower procedures
    • if possible recover any data that may have been lost 
    • legal action to restrain any further information breach, or to prevent any third party using, disclosing or publishing inappropriately acquired data. See Are injunctions required and What urgent contractual issues might arise