Data Breach and Privacy Incidents
DPBBOARD's privacy incident response team (PIRT) is made up of expert attorneys and security specialists who combine both technical, legal and regulatory knowledge to help you address incidents around the globe.
The PIRT team helps clients to mitigate and manage privacy breaches occurring within an organization and external to the organization. Our team utilizes start of the art tools and deep knowledge to guide you on your reporting obligations, containment, notifications and overall prevention of harm individuals.
Determine if there is a breach
- A compromised system or lost or stolen equipment contain personal data;
- A compromised account has access to personal data;
- Keep in mind that even less sensitive personally identifiable data can be used to cause harm;
- Was there security around the data or the system housing the data? Specifically, was the personal data encrypted in a way that cannot be accessed by an unauthorized person?
- Identify all the data elements involved. These include but not limited to name, unique government identifier such as SSN, address, DOB, financial data, application/account user id, passwords, family tree, race, gender, medical record number, biometric identifier etc.;
- Number of individuals potentially affected;
- Types of controls in place to mitigate risk;
- Map all the states and countries involved. This is done by identifying where each affected individual resides.
- Conduct a threshold assessment using applicable state or country law for notification obligation.