As demonstrated by recent security breaches at several large, tech-savvy companies such as Yahoo and Target, data breaches are a matter not of if but of when. Your organization has to consider this: what is your plan of action after a data breach, when your security and data loss prevention measures have failed? Here are the “3 Ps” that your organization should have in place to handle this complex issue.

Attacks against your data and network are often targeted. The key, however, is how you can detect, respond to and recover from these incidents and limit the exposure and damage that such attacks can do.

P #1: Policy

Your organization needs to create a data breach response policy, approved by your organization’s leadership, that is relevant to your environment. The purpose of the policy is to establish a reasonable and appropriate breach response process. Your policy should have a clearly defined scope, tasks, timelines and clear staff ownership of responsibilities. The policy should include the following:

  • Investigation
  • Remediation
  • Containment
  • Reporting

This policy should be a living document, and all personnel whose duties involve data privacy and security protection must have a thorough and extensive understanding of it.

P #2: Plan

Your plan needs to be a concise document with detailed elements to enforce all tasks relating to the incident investigation, remediation, containment, reporting and notification of affected parties. In addition, the plan should identify your company resources. This document should be regularly reviewed and tested in conjunction with your business continuity and disaster recovery procedures.

P #3: Procedure

Our experts have reviewed countless data breach policies and procedures. More often than not, the plans have very clear and comprehensive policies, but most of the procedures are vague and/or missing. The procedures are important. These measures need to include specific steps and behavior to ensure that response activities are handled in an efficient, documented, and repeatable way, while minimizing the introduction of errors. Once again, these procedures will need to be periodically reviewed and tested with your Governance, Risk, and Compliance (GRC) team.

The causes of data breaches can be complex. However, the steps for responding should be straightforward. You need to have a measurable plan, including the “do’s and the don’ts,” in addition to a well-defined and well-planned governance for response.

Would you like help or would you like to know more? Please contact us at 303.521.4044.