A data breach, also called a security breach, is the phrase used to describe a security issue where the intentional or unintentional release of information takes place. Usually the information is private, confidential or personal information that was given in trust to the organization.
Why a Data Breach Happens
A data breach may occur for a number of reasons. For example, a data breach could be the result of unauthorized acquisition of personal information through employee negligence (i.e., photocopying) to computer hard drives not properly disposed of, to hackers gaining access to data through an exploit or other malicious attack.
Data Breach Notification Laws
Many countries or individual states/provinces have enacted some type of security and data breach notification law. These laws require government agencies and other organizations that collect personal information (including a name combined with SSN, drivers license or ID, account numbers, etc.,) to notify individuals of security breaches.
The exact requirement for notification laws change between places as well as the legal definition of what constitutes a breach, requirements and timing for notice and exemptions. In general if there is a perceived risk as a result of a data breach, the affected individuals and regulating government bodies should be notified.
While there are no specific set of rules to follow, most organizations will create a checklist to ensure a swift response to manage and mitigate a breach.
The first step is to create a policy that defines the organization’s definition of a breach, and identify what constitutes a breach, making sure it complies with any legal definitions set forth in your geographical location.
Next, a plan will identify staff responsibilities and outline how to properly keep records of breach reporting and tracking. The plan should identify management support and approval processes and outline employees responsibilities to standardize behavior.
Lastly, organizations will need to have a breach procedure in place, derived from the plan and policy. This standardizes the responsibilities and actions that are part of the response effort and should identify senior management responsible for enacting the procedures.
The data breach procedure is typically reviewed, tested and enacted as part of an organization's overall business continuity and disaster recovery procedure. The related links section below offers additional resources to help businesses create checklists and data breach policies.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »List of Well-Known TCP Port Numbers
Port numbers 0 to 1024 are reserved for privileged services and designated as well-known ports. This list of port numbers are specified in... Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »