Data Breach Reporting

Preparing for the Mandatory Data Breach Notification

Preparation for the Mandatory Data Breach Notification must include the following.

Have the three key elements in place:

Governance measures:

  1. Business continuity plan
  2. Data breach notification plan
  3. Risk management plan
  4. Cyber and privacy strategy

IT measures:

  1. Antivirus, and intrusion detection and prevention systems (IDS/IPS)
  2. Access control policies for the systems (who may access what, and how access is granted and revoked)
  3. Backups, tested regularly so that they can actually be restored after an incident

Cyber insurance to cover the residual risk that the governance and IT measures do not remove.

Knowledge and information about your data assets, with documentation of where they are:

Software: which software systems do you use, and which of them hold personal information?

Hardware: what hardware do you have, and where is it located?

Cloud: do you keep data "in the cloud" (i.e. on the systems of a storage provider)? If so, which provider, and in which jurisdiction?

Devices: which devices can access the systems (phones, tablets, laptops, etc.), and to whom do they belong?

Vendor management:

Keep a list of all your vendors, with contact details that can be used in the event of a breach.

Include a clause in each vendor contract that specifies how the vendor will cooperate with you if there is a breach, including how quickly they must notify you of a breach on their side.

Knowledge and information about your staff and the privileges each of them holds on the systems used, so that access can be reviewed and, if necessary, revoked quickly during an incident.

Prepare a plan for the Data Breach notification which contains:

A definition of what constitutes a data breach, together with criteria for assessing its severity (what data was involved, how many individuals are affected, and whether serious harm is likely).

The staff members appointed to coordinate the execution of the plan, and who deputises for them.

The steps to be taken in case of a breach:

  1. Stop the breach: contain it, while preserving logs and affected systems so that evidence is not destroyed before the forensic investigation.
  2. Assess the breach (preliminary assessment of scope, data involved and likely harm).
  3. Notify the stakeholders (directors, owners, OAIC, CERT, insurers, banks, legal counsel, patients), using the prepared messages as guidance.
  4. Contact the company that will undertake the forensics.
  5. Prevent any further breaches by fixing the cause identified in the assessment and forensic investigation.

Test the plan at least once a year, for example with a tabletop exercise that walks the appointed staff through a realistic breach scenario.

To discuss and find out more, please join us on Friday 23 February 2018 (the day after the Mandatory Data Breach Notification scheme comes into effect on 22 February 2018). Please register by clicking on the link below:
Data Breach notification readiness Discussion
