Data breaches are a common occurrence in the tech world. In the past, if you wanted to steal information, you would have had to buy a crowbar, break a window and jimmy open a filing cabinet. These days, however, stealing data is as easy as guessing a password. Whether your breach is due to a phishing scam, a patchy security system, or Janet in accounting, most modern companies have to deal with the issue of digital security.
In recognition of this fact, the Australian government recently amended the Privacy Act to include the Notifiable Data Breaches Scheme, a comprehensive guide on how to deal with a data breach. Of course, in law-land, “comprehensive” is often a synonym for “mind-numbing”, so we’ve put together a short guide on how you should deal with data breaches that won’t put you to sleep.
What is a data breach?
A data breach is anything that results in somebody having unauthorised access to information, and which is likely to result in serious harm. It’s pretty context-specific. For example, if your toddler steals your phone, guesses your work password and sends a selfie to your boss, that’s probably not a serious data breach. However, if a 30-year-old Russian hacker does the same thing to your entire work contact list, it might result in serious harm.
If you suffer a data breach, there’s one thing you need to remember: CATS. It’s an initialism we came up with to simplify the data breach process. (It also doubles as a reminder to look at cats on the internet, which is a great way to relieve stress after a data breach.)
- Control - If you think a breach has happened, your first job is to control the situation. Stop the breach to the extent that you can, lock down, and identify what information might have been breached.
- Assess - Assess the situation. Ask whether ...