Why conducting a post-Privacy breach review is critical

Businesses must reduce the likelihood of the same breach reoccurring.

How many breaches will your clients tolerate? In the event that a breach occurs and you do not deal with the repercussions adequately, your client’s confidence and trust in your business will likely disappear and potentially lead them to take their business elsewhere.

In 2017, 43% of cyber-attacks in Australia targeted small businesses. Of those, 22% are now closed. The common thread to the closures was lack of trust and confidence in their information being protected.

Your business is the trusted custodian of your client’s information. They expect it to be handled and protected appropriately.

It’s vital to fully investigate the cause of the breach and the existing conditions which allowed the breach to occur.

 

 

More than likely, the ‘existing condition’ has been a risk for some time. It is a weak point in your Privacy practices. It’s an ‘open door’ for more potential breaches to be exploited.

 

If you come to the decision that the breach will not cause serious harm to anyone and is not an eligible data breach, the reality is, you still are at risk and have an ‘open door’. It must be closed by conducting the Review process.

A well-structured Data Breach Notification (DBN) Plan will take you through the ‘Review’ process . The plan will step you through the investigation, documentation and remediation phases. It will go a long way to closing the door.

The key steps of the Review process within the DBN Plan include :

  1. Identify the existing condition that allowed the breach to occur
  2. Develop an Action Plan to minimise future breaches
  3. Implement all the actions and communicate to appropriate Stakeholders

Your DBN Plan is not complete until all actions have been implemented and key stakeholders updated.

Privacy Proactive specialises in developing tailored DBN plans for businesses. If you would like to know more, please contact me.