Data protection and privacy laws across jurisdictions require businesses to notify data breach incidents to the people whom such personal data pertains and the authorities under the regulations.
To have effective incident management system in place, the organisations shall:
Prior to the breach
- Assess potential impacts from breaches of personal data
- Have a breach response plan in place
- Allocate responsibility to dedicated person and/ or team
- Have a process or technology to detect data breaches
After the breach
- Notify required parties of breaches of personal data
- Provide data breach notice
- Maintain detailed records of data breaches
- Update data breach response procedures and technology
