Information, Privacy and Data Security Post

Ten Incident Response Tips – Part 1

Date: December 5, 2016

Responding to a data security incident is as much art as science. Whatever size your organization and whatever risks you face, you should have a detailed incident response plan to guide the efforts of a defined incident response team. Here are five norms your team should understand and strive for. Stay tuned for five additional tips next week.

  1. Initiate a response as soon as possible

Time is a critical asset in incident response. You will start in a hole if your data security events are not identified and reported promptly and escalated appropriately and without delay. Maintain a policy with a duty to report all data security events. Reinforce the duty through broadly-directed, regular communication and training.

  2. Watch your assumptions

Information is your other critical asset. Don’t expect perfect knowledge: make decisions based on facts and evidence to the extent you can. If you must make assumptions, state them and give them scrutiny. Be prepared to challenge comfort-giving assumptions.

  3. Keep the ball moving

Data security incidents can be complicated. You deserve and are entitled to reasonable time to gain an understanding. Your timelines, however, will always be judged. Strive for progress and continuous movement.

  4. Don’t rush

Once people outside your organization learn about your incident, you will suffer a loss of control. It is perfectly okay to gain an understanding of what you’re dealing with before notifying. If you must notify and address an incident quickly because it is already widely known, send a “placeholder” notice that provides what information you can and commits to an update.

  5. Obtain objective input

Incidents can evoke action based on a sense of guilt. Conversely, they can evoke inaction based on unfounded optimism. Obtain objective input (possibly from an external lawyer and experienced “breach coach”) to overcome these potential biases.

If you need advice about an incident you are dealing with now, please call any member of our Information & Privacy Group. With extensive expertise on data breach management, we are well-positioned to provide you with the advice you need to manage the issue and solve your problems.


The article in this Client Update provides general information and should not be relied on as legal advice or opinion. This publication is copyrighted by Hicks Morley Hamilton Stewart Storie LLP and may not be photocopied or reproduced in any form, in whole or in part, without the express permission of Hicks Morley Hamilton Stewart Storie LLP. ©