How to build a bulletproof internal data breach response team

Published: November 30, 2017 by Michael Bruemmer

We recently released the latest edition of our Data Breach Response Guide, a resource we’re proud to offer to business leaders to help them navigate the often-nebulous waters of incident response planning. As the threat of data breaches become no longer a matter of “if” but “when,” it’s never been more important for organizations to have a proactive plan in place to deal with the fallout, prevent further data loss and manage the possible customer backlash and threat to brand reputation.

We kick off our guide by underscoring the importance of building a strong data breach response team well in advance of an incident. When a data breach occurs, business leaders can be left scrambling to assemble a team and assign responsibilities. Here’s how to make sure your internal breach response team is organized and ready to jump into action:

Your internal team should be composed of these seven divisions:

  1. Incident lead. Usually this will be a Chief Privacy Officer or someone from a legal department who will determine what the team needs to adequately respond to the incident and then coordinate the response, both internally and externally.
  2. Executive leaders. Make sure you have your key decision-makers involved and supporting you with the needed resources to develop, test and implement your plan. This will help you gain the support of top management and give you a line of communication to the board or other stakeholders.
  3. Legal. You’ll need privacy and compliance experts to help navigate any potential lawsuits and fines that you risk after a breach. They will help with how to advise impacted individuals, as well as government agencies, the media and others.
  4. Human resources. HR personnel should be ready to answer questions and inform employees and former employees of the data breach through meetings or online forums.
  5. Public relations. Your PR team will have a crisis management strategy in place and decide on the best way to notify the media and respond to negative press. Along with tracking and analyzing media coverage, they will compose consumer-facing materials for the website, media statements, press releases and more.
  6. Customer care. These are the people who will be on the front lines, fielding concerns and answering questions from customers. They will craft phone scripts, log call volume and take note of the top questions and concerns from customers.
  7. Information technology. Your IT and security teams will train people in data breach response techniques. In the case of an incident, they will isolate contaminated machines, preserve evidence and work with a forensic firm to identify the compromised data and draw up a report detailing the breach with a plan to prevent future attacks.

To learn about the other external partners and influencers you should incorporate into your team, download our complimentary Data Breach Response Guide.