Personal Data Breaches

If a breach occurs it must be reported within 72 hours of becoming aware of it.  Affected individuals also need to be informed if the breach could adversely impact them.

A breach detection procedure to ensure decisions and assessments of the severity of a breach are made quickly is key.

Data breaches need to be logged even if notification was deemed unnecessary.