TTG – Features – The dos and don’ts when dealing with a data breach
Is the security incident ongoing? If so, take action to stop the data security breach from continuing or recurring.
Determine the identity of the data controller for the purpose of the data security breach. The data controller is the party that determines the purpose for and manner in which personal data is processed.
Has any personal data been affected? If so, what types of personal data, such as name, address or date of birth?
Has any “sensitive” personal data been affected? This includes information on disabilities or medical conditions, ethnic origin, sexual orientation or religious beliefs. Also consider whether payment or credit card and passport details have been affected.
Has any other information been disclosed which, when taken in conjunction with other personal information, could have an adverse impact? For example, a customer’s dates of travel in conjunction with their address details.
Has the information been received or accessed by a third party? If so, do you know who this third party is?
Consider the timeline. If the security incident was temporary, how long was the personal data accessible or at risk for?
Gloss