Data Breach Response Policy Template

By using the editable Word template provided, you will be able to easily develop a data breach response policy to provide a process to report suspected thefts involving data, data breaches or exposures (including unauthorized access, use, or disclosure) to appropriate individuals; and to outline the response to a confirmed theft, data breach or exposure based on the type of data involved.

The template includes the following sections:

1. Purpose: Clear definition what the goal is of the policy/document. 
2. Background: Information about why this policy was created.
3. Scope: What is and what is not included.
4. Cooperation:  With whom and wow to cooperate 3th parties in case case of a data breach.
5. Communication plan: How to communicate in case of a data breach.
6. Ownership and responsibilities.
7. Enforcement.
8. Definition. List of all definitions including explanation.

Example extract of the document:

Data Breach Response Policy

1.Background

This policy mandates that any individual who suspects that a theft, breach, or exposure of {{organization-name}} Protected data or {{organization-name}} Sensitive data has occurred must immediately describe what occurred via e-mail to {{helpdesk-email}}, by calling {{helpdesk-tel}}, or through the use of the help desk reporting web page at {{helpdesk-web}}. This e-mail address, phone number, and web page are monitored by the {{organization-name}}’s Information Security Administrator. This team will investigate all reported thefts, data breaches, and exposures to confirm if a theft, breach, or exposure has occurred. If a theft, breach, or exposure has occurred, the Information Security Administrator will follow the appropriate procedure in place.