Rapidly and effectively responding to a data breach can make all the difference in preventing major financial loss, safeguarding your organisation’s personal information. A well-thought-out policy and response plan is critical to ensure that everyone in your business knows what to do.

Our Commercial Legal team has drafted the Data Breach and Incident Response Plan Policy to provide your business with the tools to manage and respond to a data breach. The incident response plan clearly sets out:

1. How to identify a data breach;
2. What actions need to be taken during the initial phases of a breach;
3. How to comply with any legal obligations because of the breach;
4. What actions need to be taken to contain the effects of a data breach;
5. How to prepare and manage internal and external communications;
6. A process to investigate and assess the causes of the breach; and
7. Conduct post-incident actions to prevent future breaches.

The policy and plan are intended to provide a foundational document that can better prepare your business to react to a cyberattack and can be further customised to suit your business needs.

This policy is not suitable for businesses who own or operate critical infrastructure under the Security of Critical Infrastructure Act 2018. If your business owns or operates critical infrastructure, it is mandatory to report certain types of cyber security incidents. Please reach out to our Commercial Legal team to see how we can assist with tailoring this policy to fit your business.