Objective
The objective of the Breach/Incident Workflow is to be guided through the documentation and process of a breach or incident.
Menu
This can be found under the "RESPOND" top navigation bar item.
Select "Update Incidents and Breaches".
Breach Management Table
You will be brought to the Breach Management or Incident Management table.
This table contains a quick view of the records that have been entered into the system for any breach or incident involving Personal Data.
Buttons on the top right
The Settings button enables authorised users to update the settings (such as default values) used in Breach Management.
The Access button enables the user to choose who should be given access to each breach/incident record.
The New Entry button creates a new Breach/Incident record for the purpose of the user entering details.
CARE Approach
To play a video on the CARE approach to managing Incidents and Breaches, click the Play button on the right of the page.
Access to Breach Management
If you are an authorised user, you can grant access to specific user entities for specific breach/incident records.
Settings for Breach Management
If you are an authorised user, you can update the settings (such as default values) used in Breach Management.
Edit Breach/Incident Record
To edit an existing Breach/Incident record, swipe to the right and click the 'Edit' button.
Stages of the Breach/Incident
Left Navigation Bar
Take note of the left navigation bar of this page. It guides you through the stages of managing and documenting an Incident or Breach.
The key stages are:
1. LOG the incident/breach
2. CONTAIN the incident/breach
3. ASSESS the incident/breach
4. REPORT the incident/breach
5. EVALUATE the incident/breach
• evaluate the issues involved, if any
• evaluate and control the risks
For supporting evidence, use
• Files (to upload files)
• Links (to insert a reference hyperlink)
To get custom advice, use
• Incident Analysis
To follow up, use
• Tasks - to plan and assign tasks
Note that Comments are logged with a date/time stamp and the name of the user who made each comment.
0 - Log the Incident
To Log the incident, enter details on how it was detected, who reported the incident, who logged the incident, the stakeholders who are likely involved, any suspected cause, personal data that might be affected, and individuals that might be affected.
1 - Contain
Once the breach/incident is logged, move to the 'Contain' step.
- Take immediate steps to limit any further access to or disclosure of the personal data. Notify the assigned Breach Management Representative, who will alert the Data Breach Management Team if needed.
- Make an initial assessment of the severity and impact of the breach.
- Notify stakeholders like the legal counsel and technical forensic specialists.
- Record information about the data breach and the organisation’s response.
- Notify the relevant body for cyberattacks (for example the Cyber Security Agency of Singapore – “CSA”) where necessary.
- Follow sectoral requirements (e.g. financial industry requirements) where applicable.
Document the details, such as who was notified internally and externally, the details of the notification, the initial assessment of the Severity Level, the Actions taken, and the Actions to be taken.
2 - Assess
In the 'Assess' stage,
- Conduct an in-depth assessment of the extent and likely impact of the data breach. This can help your organisation to identify and take the appropriate steps to prevent further harm, even as full remedial action is being implemented.
- If you assess that the data breach is likely to cause significant harm or impact to individuals, or is on a large scale, then you may need to report the breach to the Supervisory Authority.
- Carry out your assessment within the timeframe specified in your Data Privacy regulations.
In DPOinBOX, ensure that you document the assessment of the impact, assessment of the cause, the proposed remediation actions and the status of the breach/incident and follow-up.
3 - Report
- Be aware of the breach notification timeline required for the jurisdiction(s) involved. For example, in Singapore, the PDPC must be notified whenever significant harm or impact is likely, or where at least 500 individuals are affected.
- Notify the Supervisory Authority within the timeframe required by the jurisdiction(s) involved, for example within 72 hours.
- Notify the data subjects if required, within the timeframe required, and with at least the minimum amount and tone of information required.
- If you are a data intermediary, follow the regulation(s) of your jurisdiction(s) affected.
Ensure that you document the information in DPOinBOX.
4 - Evaluate
Evaluate the response, take further action to avoid future breaches
Actions which can be taken to prevent future data breaches include:
- Continuing efforts of remediation actions
- Identifying areas of weakness
- Taking action to strengthen areas of weakness
Actions which can be taken to improve the processes involved include:
- Implement or update a Data Breach Management Plan to enable organisations to respond swiftly and manage a data breach in a systematic manner
- Review the Data Breach Management Plan to ensure it remains effective
- Re-examine processes in the light of the breach. For example, there might be a lack of control over the use of storage media for data protection, outdated software, etc.
- Evaluate any weaknesses in the management of third parties.
- Evaluate if there was sufficient direction given by management in managing data breaches.
- Evaluate if staff and third parties were given sufficient training.
Risks and Controls
Enter the Risks and Controls into the risk register for the Breaches/Incidents.
This register can also be found in the overall Risk Register.