Breach Notification Services
You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next.
What steps should you take and whom should you contact if personal information may have been exposed? You can rest assured that Procare Cyber will assist you every step of the way with an experienced team that understands your situation.
Our Delivery Promise
We understand the critical nature of data breaches and the importance of responding quickly and decisively. Our team of experienced professionals offers a range of services to help you:
- Rapid Detection and Containment: Utilise advanced security tools and processes to identify breaches quickly and minimize potential damage.
- Comprehensive Investigation: Analyse the breach to determine the scope, source, and type of data compromised.
- Regulatory Compliance: Ensure notification efforts adhere to all relevant data breach notification laws (e.g., GDPR, HIPAA, state data breach laws).
- Effective Communication: Develop clear and concise communication materials to notify affected individuals about the breach and steps they can take.
- Data Breach Notification Management: Assist with sending notifications via various channels (email, postal mail, website notices).
- Reputation Management: Develop a strategy to mitigate reputational damage caused by the breach.
- Post-Breach Support: Help you implement measures to improve your cybersecurity posture and prevent future breaches.

![Cyber breach notification services [88]](https://i0.wp.com/pccyber.com/wp-content/uploads/2024/05/Cyber-breach-notification-services-88.png?fit=2160%2C1215&ssl=1)

Initial impact assessment
- The number of people affected by the breach or suspected breach
- Whether there is a risk of serious harm to affected individuals now or in the future
- Whether the data breach or suspected data breach may indicate a systemic problem with your entity’s practices or procedures
- Other issues relevant to your circumstances, such as the value of the data to you or issues of reputational risk
- Comply with all applicable data privacy regulations.
- Will there be a requirement for Identity Protection and/or Credit Monitoring?
Australian Legal Notification Requirements
- The Australian legal landscape in the cyber incident space is somewhat complex, with federal economy-wide obligations to notify of a cyber incident in certain circumstances, supplemented with industry-specific and state-based laws, which may apply depending on the nature of the organisation.
- All of Australia (sectoral legislation)
- Privacy Act
- Security of Critical Infrastructure (SOCI)
- Telecommunications
- Prudential Standards (CPS 234, 232, 230)
- Consumer Data Right
- ASX Listing Rules
- My Health Records
- Consider the extraterritorial application of other jurisdictional privacy regulations, i.e., GDPR


Communication Strategy
- A clear and consistent message will be used across all communication channels.
- The communication will be factual and avoid technical jargon.
- Empathy and transparency will be emphasized when addressing affected individuals.
- The notification will include the following information:
  - Description of the Breach: Explain what happened, when it occurred, and the type of data that was exposed.
  - Potential Risks: Describe the potential risks associated with the breach, such as identity theft or fraud.
  - Recommended Actions: Advise individuals on steps they can take to protect themselves, such as changing passwords or monitoring credit reports.
  - Contact Information: Provide contact information for a dedicated team to answer questions and address concerns.
Notification & Communication
- Choose appropriate notification channels: Utilise email, SMS, postal mail, website notices, or media releases depending on the severity of the breach and audience.
- Communicate transparently with affected individuals: Be honest and upfront about the breach, acknowledge the potential risks, and be a point of contact for questions.
Reporting & Documentation
- Document the breach response: Maintain a record of all actions taken, including findings, communication materials and dates, and responses to inquiries from affected individuals.
- Report the breach to relevant authorities: Depending on the regulations and severity of the breach, some data breaches might require notification to government agencies.
- Review and update notification procedures: Evaluate the effectiveness of the notification process and update procedures as necessary to improve future responses.



