In today’s threat-filled world, sensitive customer information is constantly at risk of exposure. 2017 will be no different, with cyberattacks, ransomware, spear phishing, malware, system and process failure, employee negligence, and lost or stolen devices. There is no better time than the present to assemble an incident response team — before a privacy or security incident has occurred.

A common refrain across many organizations is the importance of pairing security and privacy roles, so that when regulated data is involved in an event, a cross-functional determination may be made as to whether that event is a privacy incident, security incident, or data breach that requires further investigation or remediation.

What about other partners in your incident response effort? Who else would you pull in internally or externally to be prepared for a data breach? These are questions to answer before an incident occurs to ensure that your team is ready, trained in their roles, and practiced thanks to regular breach preparedness drills.

When assembling your team, there are multiple roles to consider beyond a core team of IT, privacy, and security professionals:

  • Team lead: This is the person who will oversee the team and drive the escalation of the incident, conveying messages to other members of the incident-response team and potentially the executive sponsor, leadership team, or if necessary, board of directors.
  • Executive sponsor: An individual in an executive-level leadership position who will help prioritize breach preparedness at the leadership level. This person will coordinate and report to the executive team and potentially the board to ensure everyone is kept up to date with the incident response process.
  • Internal or external general counsel: Together with the privacy officer, this role may be helpful in validating the breach determination and in scoping out the legally required notifications to regulatory bodies, such as providing notification to individuals, media, law enforcement, government agencies, credit monitoring services, etc.
  • HR or customer success teams: Depending on the nature of the incident and what information was divulged, customers or your own employees might need to be made aware of a data breach. HR is also an important partner in helping manage the consequences of an employee infraction that may have led to a breach, or in deciding how to communicate internally if employee information has been divulged.
  • PR or marketing: If an incident is revealed to be a data breach and of a certain size, your organization may be required to disclose the breach to the media or notify individuals. Public relations or marketing departments will need to be brought in to identify notification and communication tactics, track media coverage, respond to negative press, etc. The messaging of an incident may require collaboration between this team and general counsel, depending on the communication requirements. 

When assigning these roles, consider who might be appropriate as part of the core team (those who will shepherd the incident discovery and incident response forward) vs. those who should be considered part of the extended team (those who will only be called on in a consultation capacity or for reporting). Maintaining a core team will ensure that small events, or those incidents that do not require notification, will be handled with minimal impact on workloads across departments.

We developed a sample worksheet to circulate with your team to identify core and extended team members and roles. When it comes to compliance and managing incident response, it takes many people across multiple departments working together. Identify your team now to stay ahead. 
