Developing the Breach Response Plan

April 20, 2015 by Stephen E. Reynolds, Partner | Siddharth Bose, Associate

Public announcements of major data breaches have become an almost daily occurrence.  Last year was notorious for data breaches and 2015 has begun with major data breaches continuing to make headlines.  Without a doubt, a data breach can be devastating to a business.  Along with financial harm, a business can suffer reputational, legal and other consequences resulting from a data breach.  As devastating as a data breach can be, it is often the response to a breach that can cause the most damage to a company.  A timely and well-handled response to a data breach, however, can be hugely effective in mitigating the extent of the damages and can even help a business’s brand.
Given this reality, it is important for organizations to be prepared to respond to a data breach. Below is an excerpt from an article written by Ice Miller's Data Security and Privacy Practice that provides some practical suggestions for preparing an organization to respond to a data breach.
Developing the Breach Response Plan
A data breach response plan is an operational playbook that a company can use to handle events related to security and data breaches. One of the most frequently cited resources for developing a data breach response plan is the National Institute of Standards and Technology Computer Security Incident Handling Guide (“NIST Guide”).[1] The NIST Guide provides a framework for handling computer security incidents, including data breaches. Generally, the NIST Guide recommends that an incident response include the following elements:
  • Mission
  • Strategies and goals
  • Senior management approval
  • Organizational approach to incident response
  • How the incident response team will communicate with the rest of the organization and with other organizations
  • Metrics for measuring the incident response capability and its effectiveness
  • Roadmap for maturing the incident response capability
  • How the program fits into the overall organization
One key suggestion concerns the establishment of communication lines. It is important that the incident response team communicate effectively both internally and with other parties such as customers, the media, software and support vendors, other incident response teams, internet service providers, law enforcement agencies, and incident reporters. Some specific ways to provide these communication lines are making the contact information of the team members available, having instructions for verifying team members' identities, and having secure communication lines, for example by using encryption software.
Ideally, the response plan will delineate which events are considered incidents or breaches, establish the organizational structure for incident response, and define roles and responsibilities of the response team.  It is good practice to think of the response plan as an ongoing initiative that is tested and kept up to date to ensure its reliability and effectiveness.
For help planning your data breach response or evaluating your company’s data breach response plan, check out the other resources offered by Ice Miller's Data Security and Privacy Practice.

[1] See Natl. Inst. Stand. Technol. Spec. Publ. 800-61 Revision 2 (Aug. 2012), available at (last visited on Mar. 12, 2015).
