Last Updated: February 2017

This two-part series by Mahmood Sher-Jan first published in The Privacy Advisor in early 2017. Find all three articles below.

Part 1: Building your incident response team: It takes a village
In today’s threat-filled world, sensitive customer information is constantly at risk for exposure. 2017 will be no different with cyberattacks, ransomware, spear phishing, malware, system and process failure, employee negligence, lost or stolen devices. There is no better time than the present to assemble an incident response team — before a privacy or security incident has occurred.

Part 2: Is it an incident or a breach? How to tell and why it matters
How you label an occurrence that may or may not involve the exposure of sensitive customer data will determine, among other things:

  • Which departments should get involved
  • What actions should be taken
  • How the occurrence will be resolved
  • Whether notification will be required
  • Who to notify, when to notify, and how to notify