Data Breach Response Checklist
Use this the moment you suspect a breach. Work top to bottom.
Contain (first)
- [ ] Stop the breach: disable access, recover devices, take a system offline if needed.
- [ ] Note the date and time you discovered it and who found it.
- [ ] Avoid destroying evidence while you contain it.
Assess
- [ ] Identify what personal data is involved and how many people are affected.
- [ ] Note whether sensitive data is involved.
- [ ] Assess the risk of harm to the people affected (low, medium, high).
Record
- [ ] Open an entry in your breach register.
- [ ] Record the facts, your assessment, and the actions taken.
Notify (where required)
- [ ] Decide whether the breach is notifiable, based on the risk.
- [ ] If required, notify the Office of the Information Commissioner without undue delay.
- [ ] Notify affected individuals where they need to protect themselves.
Recover and learn
- [ ] Fix the root cause so it cannot recur.
- [ ] Update safeguards, training, or processes as needed.
- [ ] Close the register entry with who signed it off and when.
Watch out. Speed matters. Contain first, record as you go, and do not wait until everything is resolved to start.
Legal note. This is a general checklist, not legal advice. Confirm the notification threshold and timeframe against the Act and OIC guidance.
