The Art of Breach Management: A Comprehensive Guide 

Konstantin Steger

10 November 2023

Data breaches seem to be a recurring nightmare, it's essential for businesses to have a rock-solid plan for breach management in place.  

A breach management plan ensures that an organization has the right personnel and procedures in place to effectively combat any security threat. To truly grasp the significance of breach management, we need to delve into its various components and the roles each department plays in minimizing the chain of events leading to a data breach. 

The Security Incident Team 

The primary responsibility of the security incident team lies in managing and preventing data breaches. In today's digital landscape, this team is increasingly in demand due to the rising frequency and intensity of data breaches. Their role is pivotal in mitigating the impact of a breach, and they rely on a robust procedure to guide them through this challenging task. 

Key steps in containing and addressing security breaches include: 

  1. Confirm the Breach: The first step may seem obvious, but it's crucial to confirm that a security breach has occurred. This involves identifying how the breach was discovered, where it occurred, who reported it, and the potential risks it poses. 
  1. Understanding the Breach: Security breaches can take various forms, from accidental data loss to unauthorized access. Understanding the breach's nature helps formulate a response strategy and identify the potential vectors used by malicious actors. 
  1. Determining Data Sensitivity: Not all data breaches are equal. It's essential to assess the severity of the breach by identifying the types of data involved and the potential risks to the organization, its customers, or partners. 
  1. Containment and Recovery: Swift containment is vital to minimize damage. This phase involves identifying and closing security gaps, implementing recovery plans, and preserving evidence for investigation. 

Legal and Compliance 

Modern data privacy laws impose strict obligations on companies that collect, store, and process personal data. The General Data Protection Regulation (GDPR) serves as a prime example, mandating data controllers to notify regulators and affected individuals within 72 hours of a data breach. 

Defining Data Breach: 5 Key Steps 

Step 1: Determine a Potential Breach 

A data breach, according to GDPR, involves a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data. It occurs when: 

  • Personal data is destroyed or deleted inadvertently. 
  • Personal data is altered, corrupted, or becomes incomplete. 
  • The company loses control or access to personal data. 
  • Personal data is disclosed to unauthorized recipients or processed in violation of GDPR. 

Step 2: Notify the Supervisory Authority 

When a breach is confirmed and merits reporting, notify the relevant supervisory authority. Even if the investigation is ongoing, initial notification within 72 hours is crucial. If little information is available, provide a placeholder notification. 

Step 3: Determine Data Controller or Data Processor Status 

It's essential to determine whether the company acts as a data controller or data processor, as each has distinct reporting obligations. A data controller collects personal data and determines its processing purpose, while a data processor processes data on behalf of a data controller. 

Step 4: Assess Risk Levels 

Data controllers must assess if the breach poses a risk to individuals' rights and freedoms. A risk analysis considers factors such as data type, sensitivity, volume, potential uses, and consequences for individuals. If the breach poses a high risk, affected individuals must be notified. 

Step 5: High-Risk Evaluation 

If the risk is high, data controllers must notify affected individuals. Exceptions may apply, such as adequate pre-breach security measures, immediate risk mitigation, or disproportionate effort to contact affected individuals. Transparent communication channels are essential. 

Recording in the Internal Data Breach Log 

Every data breach, regardless of notification requirements, should be meticulously recorded in an internal data breach log. Original incident forms and related documents should be maintained for reference. 

Ensuring Employee Awareness 

Engaging employees in breach management is crucial. Security incidents often result from human errors, such as password sharing or falling victim to phishing attacks. A comprehensive security awareness program can empower employees to contribute to data breach prevention and mitigation. 

Data breaches remain a pervasive threat in today's digital landscape. Developing a robust breach management plan, understanding legal obligations, and fostering employee awareness are essential steps toward effective breach prevention and response. By addressing breaches comprehensively, organizations can minimize risks, protect their reputation, and safeguard sensitive data in an increasingly data-driven world.