Templates and checklists

Checklist · Breach

Data Breach Response Checklist

A first-response checklist for the hours and days after you discover a personal data breach.

Editable checklist
This is a general starting template, not legal advice. Adapt it to your business and have it reviewed before you rely on it. Text in square brackets is for you to complete.

Data Breach Response Checklist

Use this the moment you suspect a breach. Work top to bottom.

Contain (first)

  • [ ] Stop the breach: disable access, recover devices, take a system offline if needed.
  • [ ] Note the date and time you discovered it and who found it.
  • [ ] Avoid destroying evidence while you contain it.

Assess

  • [ ] Identify what personal data is involved and how many people are affected.
  • [ ] Note whether sensitive data is involved.
  • [ ] Assess the risk of harm to the people affected (low, medium, high).

Record

  • [ ] Open an entry in your breach register.
  • [ ] Record the facts, your assessment, and the actions taken.

Notify (where required)

  • [ ] Decide whether the breach is notifiable, based on the risk.
  • [ ] If required, notify the Office of the Information Commissioner without undue delay.
  • [ ] Notify affected individuals where they need to protect themselves.

Recover and learn

  • [ ] Fix the root cause so it cannot recur.
  • [ ] Update safeguards, training, or processes as needed.
  • [ ] Close the register entry with who signed it off and when.
Watch out. Speed matters. Contain first, record as you go, and do not wait until everything is resolved to start.
Legal note. This is a general checklist, not legal advice. Confirm the notification threshold and timeframe against the Act and OIC guidance.