Data security breaches
01 April 2008
The ICO has published a Practice Note on how to manage breaches of data security. The note covers what plan a company should have in place in case of a breach. There are four elements. Firstly, a recovery plan, which should include damage limitation. Secondly, undertaking an assessment of ongoing risks. Thirdly, considering whether a breach should be notified, who should be notified and what information should be given.
This includes advice to individuals on how to protect themselves. Fourthly, investigating the cause of a breach and the effectiveness of the response to it.