A data breach, also called a security breach, is the phrase used to describe a security issue where the intentional or unintentional release of information takes place. Usually the information is private, confidential or personal information that was given in trust to the organization.
Why a Data Breach Happens
A data breach may occur for a number of reasons. For example, a data breach could be the result of unauthorized acquisition of personal information through employee negligence (i.e., photocopying) to computer hard drives not properly disposed of, to hackers gaining access to data through an exploit or other malicious attack.
Data Breach Notification Laws
Many countries or individual states/provinces have enacted some type of security and data breach notification law. These laws require government agencies and other organizations that collect personal information (including a name combined with SSN, drivers license or ID, account numbers, etc.,) to notify individuals of security breaches.
The exact requirement for notification laws change between places as well as the legal definition of what constitutes a breach, requirements and timing for notice and exemptions. In general if there is a perceived risk as a result of a data breach, the affected individuals and regulating government bodies should be notified.
While there are no specific set of rules to follow, most organizations will create a checklist to ensure a swift response to manage and mitigate a breach.
The first step is to create a policy that defines the organization’s definition of a breach, and identify what constitutes a breach, making sure it complies with any legal definitions set forth in your geographical location.
Next, a plan will identify staff responsibilities and outline how to properly keep records of breach reporting and tracking. The plan should identify management support and approval processes and outline employees responsibilities to standardize behavior.
Lastly, organizations will need to have a breach procedure in place, derived from the plan and policy. This standardizes the responsibilities and actions that are part of the response effort and should identify senior management responsible for enacting the procedures.
The data breach procedure is typically reviewed, tested and enacted as part of an organization's overall business continuity and disaster recovery procedure. The related links section below offers additional resources to help businesses create checklists and data breach policies.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
The following coding and IT boot camp facts and statistics provide an introduction to the changing trends in education and training programs. Read More »Top Cloud Computing Facts
The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »