CDPSE · Question #313
An organization has confirmed a breach of personal data. Which of the following actions should be done NEXT?
The correct answer is B. Review the nature of the breach to determine impacted individuals.. After confirming a personal data breach, the immediate next step is to review the nature of the breach to determine which individuals were impacted. This assessment is essential before any other action can be taken: regulators typically require specific details about the scope an
Question
An organization has confirmed a breach of personal data. Which of the following actions should be done NEXT?
Options
- AInform regulators of breach details.
- BReview the nature of the breach to determine impacted individuals.
- CNotify all data subjects of the breach as necessary.
- DImplement remediation actions to prevent reoccurrence.
How the community answered
(43 responses)- A16% (7)
- B70% (30)
- C9% (4)
- D5% (2)
Explanation
After confirming a personal data breach, the immediate next step is to review the nature of the breach to determine which individuals were impacted. This assessment is essential before any other action can be taken: regulators typically require specific details about the scope and nature of the breach in notifications (A), affected individuals cannot be properly notified without knowing who they are (C), and effective remediation cannot be targeted without understanding what happened (D). Privacy regulations such as GDPR require breach notifications to include details such as the categories of data affected and the estimated number of individuals involved - information that only emerges from this initial scoping review.
Topics
Community Discussion
No community discussion yet for this question.