Design Personal Data Breach Response Plan
About This Course
Upon completion of this Course, participants will have the following knowledge:
•	Mechanics of incident alert triggers
•	Incident remediation solutions and strategies
•	Incident mitigation strategies
•	Personal Data Protection Act 2012
•	Trends in personal data breaches or incidents that may impact business / IT processes or services.
•	PDPC’s Guide to Managing Data Breaches 2.0
With the above-mentioned knowledge, participants will be able to carry out the following: 
•	Develop mechanisms or threat signatures that trigger incident alerts to relevant parties and systems
•	Integrate cyber- and data-related information, alerts and analysis from detection system logs to develop a holistic view of incidents
•	Distil key insights and impact from analyses of incidents
•	Manage the containment of cyber and data incidents within the organisation
•	Lead recovery of contained security incidents
•	Establish mitigation and prevention processes and policies
•	Drive implementation of mitigation processes and policies
•	Develop a data breach management plan that considers business processes and needs, and includes defined roles and responsibilities, as well as contingency plans for different breach scenarios.
•	Establish a process that can effectively respond to data breaches by referencing PDPC’s CARE framework.
•	Report the personal data protection breach to senior Management / PDPC, describing the extent of the breach (e.g. the number of individuals affected) and the type and volume (number of records) of personal data involved, and communicate in the most effective way with the individuals affected by the breach incident.
Who Should Attend?
The participants for this programme are likely to be:
•	Data Protection Officers
•	Team Members of Organisation’s Personal Data Protection Committee
•	Anyone in the organisation who assists the Data Protection Officer.
What You'll Learn
• Trends in Personal Data Breaches
o Trends in Singapore
o Global Trends
• Incident Alert Triggers
o Purpose of incident alert triggers
o Importance of incident alert triggers
o Best Practices
• Requirements Gathering for the Development of a Data Breach Management Response Plan
o Data Inventory Map
o Data Flow Diagram
o Risk Assessment
o Reporting to Senior Management
o Content of Risk Assessment Report
o Requirements Gathering Tool
• Components of a Data Breach Management and Response Plan
o Defining a data breach
o Reporting the breach internally
o Forming a data breach management response team
o Time to engage the data breach management response team
• Containment of breach
o Scoping incident
o Preservation of Evidence
o Initial Assessment
o Containment Strategy
• Assessing the Risk and Impact
o What and How to assess
o Ease of identifying individuals
o Investigating root cause of breach
• Reporting the data breach
o Incident Report and incident record log
o When to report to PDPC
o Reporting breach to affected individuals
• Evaluating Response and Considering Actions to Prevent Future Breaches
o Recommending enhancement or system changes
o Reducing human error risk factor
o Data minimization and minimization of data access
o Securing networks
o Requiring vendors to uphold the same standards
• Test Personal Data Breach Response Plan
o Methods of testing
o Incident handling scenarios
Entry Requirements
There are no pre-requisites for this course.
Assumed Knowledge and Experience:
•	Understands relevant organisational strategies, objectives, culture, policies, processes and products / services
•	Aware of compliance requirements of the organisation
Assumed Skills:
•	Have business writing skills to prepare management reports
•	Have analytical skills to assess policies and procedures
•	Have information gathering skills to gather and collate necessary data
•	Have interpersonal and communication skills to interact with relevant stakeholders; and
•	Have facilitation skills to ask the right questions to elicit necessary information