A data breach, also called a security breach, is the phrase used to describe a security issue where the intentional or unintentional release of information takes place. Usually the information is private, confidential or personal information that was given in trust to the organization.
A data breach may occur for a number of reasons. For example, a data breach could be the result of unauthorized acquisition of personal information through employee negligence (i.e., photocopying) to computer hard drives not properly disposed of, to hackers gaining access to data through an exploit or other malicious attack.
Data Breach Notification Laws
Many countries or individual states/provinces have enacted some type of security and data breach notification law. These laws require government agencies and other organizations that collect personal information (including a name combined with SSN, drivers license or ID, account numbers, etc.,) to notify individuals of security breaches.
The exact requirement for notification laws change between places as well as the legal definition of what constitutes a breach, requirements and timing for notice and exemptions. In general if there is a perceived risk as a result of a data breach, the affected individuals and regulating government bodies should be notified.
Data Breach Checklist
While there are no specific set of rules to follow, most organizations will create a checklist to ensure a swift response to manage and mitigate a breach.
The first step is to create a policy that defines the organization’s definition of a breach, and identify what constitutes a breach, making sure it complies with any legal definitions set forth in your geographical location.
Next, a plan will identify staff responsibilities and outline how to properly keep records of breach reporting and tracking. The plan should identify management support and approval processes and outline employees responsibilities to standardize behavior.
Lastly, organizations will need to have a breach procedure in place, derived from the plan and policy. This standardizes the responsibilities and actions that are part of the response effort and should identify senior management responsible for enacting the procedures.
The data breach procedure is typically reviewed, tested and enacted as part of an organization's overall business continuity and disaster recovery procedure. The related links section below offers additional resources to help businesses create checklists and data breach policies.
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »Facts about Computer Science: Education and Jobs
The following computer science facts and statistics provide a quick introduction to the changing trends in education and related careers. Read More »Texting & Chat Abbreviations
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »Computer Architecture Study Guide
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »