Preparing for the Mandatory Data Breach Notification
Preparing for the Mandatory Data Breach Notification must include:
Have the three key elements in place:
- Business Continuity Plan
- Data Breach notification plan
- Risk management plan
- Cyber and privacy strategy
- Antivirus, Intrusion Detection and Protection Systems
- Policies for access to the systems
- Backups
Cyber insurance to mitigate the residual risk
Knowledge and information about your data assets - document where they are:
- Software: what software systems do you use?
- Hardware: what hardware do you have and where is it?
- Do you keep the data "in the cloud" (i.e. on the systems of a storage provider)?
- What devices can access the systems (phones, tablets, etc.) and to whom do they belong?
Vendor management:
- Have a list of all your vendors and their contact details that can be used in case of a breach
- Have a clause in the contract that specifies how they will cooperate with you if there is a breach
Knowledge and information about your staff and their privileges to the systems used:
Prepare a plan for the Data Breach notification which contains:
- A definition of what constitutes a data breach, used to assess its severity
- Appointed staff members who will be in charge of coordinating the execution of the plan
Know the steps to be taken in case of a breach
- Stop the breach
- Assess the breach - preliminary
- Notify the stakeholders - directors, owners, OAIC, CERT, insurers, banks, legal counsel, patients - using the prepared messages as guidance
- Contact the company who will undertake the forensics
Prevent any further breaches
Test the plan at least once a year
To discuss and find out more, please join us on Friday 23rd of February 2018 (when the Mandatory Data Breach Notification comes into effect). Please register by clicking on the link below:
Data Breach notification readiness Discussion