Breach disclosure is the process of informing individuals whose personal information has been exposed in a data breach. The goal is to provide them with time to take action to protect their identities.
The term “breach” refers to any unauthorized access or disclosure of personal information. It can include internal breaches, such as when an employee accidentally sends sensitive information to an email address that isn’t secure. It can also include external breaches, such as when someone steals or otherwise illegally gains access to sensitive information stored on a company’s servers.
The process for breach disclosure varies depending on where you live and what type of breach you’re dealing with. In general, though, there are three steps:
Notify affected individuals that their personal information was breached. This step is required by law in many states and countries; if it’s not required by law where you live, it’s still a good idea because it gives you time to prepare before issuing public notification or making other major changes that affect your customers and employees.
Issue public notification about the breach after completing the first two steps. Public notification lets everyone know about the incident so they can take action to protect themselves against identity theft or other associated risks (for example, if someone stole laptops containing passwords).