• Demisto Blog
  • »
  • 5 Steps in Breach Notification That Should Be Part Of Your Incident Response Plan

5 Steps in Breach Notification That Should Be Part Of Your Incident Response Plan


Many businesses treat breach notification protocols as part of their mandatory compliance obligations, and as such this part of the process often comes across as an afterthought to a concerned public. Unfortunately, this also means that the company in question has lost an important opportunity to rectify the data breach with their customers during a critical point in the process when customer trust is most delicate.

If your incident response plan doesn’t include a customer-facing breach notification process, it’s missing an integral part of communication that lets customers know that they may have to mitigate damages caused by potentially compromised personal data. This article by Heidi Shey at Forrester offers insights to offset the risk as it relates to breach notification and response.

Here are five steps in the breach notification process that should be part of any comprehensive data incident response plan:

  1. Define what constitutes a breach vs. a general security incident. Consider the contracts you have with business associates and other service providers and understand the potential shared responsibility and liability amongst all parties.
  2. Don’t notify the public prematurely. During the early stages of any data breach or security incident, criticism will likely be forthcoming no matter what. Be sure you have all pertinent facts before going public.
  3. Strengthen relationships with enforcement and regulatory bodies as a regular part of doing business; you don’t want to wait until after a data breach occurs to try and establish trust in your business community. Be sure to be proactive with communications for all law enforcement personnel throughout the early stages of a data incident to instill trust and mutual respect.
  4. Incorporate breach notification strategies as an extension of your routine customer relationship management protocols. Coordinate incident response communications with your customer-facing employees early in the process to re-establish trust with your customers as soon as possible after a breach.
  5. Audit all breach notification events and processes during and after an incident. Depending on the severity of the incident and whether certain compliance protocols are triggered, detailed tracking of company efforts to mitigate customer damages will help your business in any future litigation matters.

If your business needs help tracking all the incident response activities and building an effective incident response plan that includes a comprehensive breach notification program, we can help. Contact Demisto for a free trial of Demisto Enterprise to keep your business up-and-running during any potential breaches and data disasters.

Contact Us for a Free Trial