Template for data breach notifications I

Similar documents
Table 5.5. Industry Employment Opportunity Grades, 2012: Native Americans

Raad voor Accreditatie (Dutch Accreditation Council RvA)

ASSESSMENT OF CERTIFICATION BODIES

Annex to the Accreditation Certificate D-ZM according to DIN EN ISO/IEC :2015

The trade in Value Added of the European Union regions

GUIDELINES FOR TENDERS FOR CERTIFICATION TO ISO 9001 AND OTHER MANAGEMENT SYSTEMS STANDARDS

The Impact of Cloud Computing on Business

Accreditation Schedule

Technological developments contributing to emergence of digital technologies:

Overview Of The German Energy Efficiency Market

GLOBAL TRADE REPOSITORY COUNTERPARTY REFERENCE DATA (CRD) UTILITY USER GUIDE

Classifications and correspondence tables

The United Republic of Tanzania THE THIRD QUARTER GROSS DOMESTIC PRODUCT (JULY - SEPTEMBER) 2015

The Labour Cost Index decreased by 1.5% when compared to the same quarter in 2017

Sub-regional analysis

Zahn s Corner Labor Profile 450 Industrial Park Drive Waverly, (Pike County) Ohio

Top 10 Global Threat Rank by Source

Accreditation Schedule

INDUSTRIES W/PEER GROUPS 02/28/2019 CONSUMER SECTOR

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

DATA CENTER WORKFORCE NAICS Employment Codes (Tallahassee MSA), Q1 2015

Socioeconomic Overview of Ohio

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

ACCREDITATION SCHEDULE

The Cyber War on Small Business

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

Cyber Risks in the Boardroom Conference

Is the U.S. Losing Its Manufacturing Base?

FIRST QUARTER 2018 CHARLOTTE-MECKLENBURG GROWTH REPORT

Steuben County Economic Profile Population Changes. Population Change

Unit 3 Cyber security

Cyber Insurance: What is your bank doing to manage risk? presented by

External Supplier Control Obligations. Cyber Security

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

A Guide to IIoT Connectivity

2017 Ethics & Compliance Hotline & Incident Management Benchmark Report Webinar

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Cyber Security. June 2015

RSO P P P P P P P P P P P P P

Accreditation Criteria

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

Quarterly Gross Domestic Product Report

Industry Statistics Database + Industry Datafiles

The Office of Public Works. Property Asset Management Property Mapping Register Viewer User Guide Version 1.2.3

Qualified recipients are Chief Executive Officers, Partners, Chairmen, Presidents, Owners, VPs, and other real estate management personnel.

Sector Rotation Strategies in Asia: Which Sectors Are Best Positioned to Benefit from Recovery?

THE GUIDE FOR ASSESSMENT OF AN EMAS ENVIRONMENTAL VERIFIER

Unified Communications Phase 2 Presentation to IT Services Users Group

Breaches and Remediation

CCST Examination Application

RICE COUNTY, MN GETTING TO KNOW RICE COUNTY & THE RICE COUNTY COMMUNITIES FAM Tour ~ August 12, 2014

Legal Aspects of Cybersecurity

DIGITAL FORENSICS. We Place Digital Evidence at Your Fingertips. Cyanre is South Africa's leading provider of computer and digital forensic services

CAP Examination Application

Business Continuity Management

Security Breaches: How to Prepare and Respond

Breach Notification Form

CYBER SECURITY AND MITIGATING RISKS

Measurement of Total Labor Productivity Growth by using Eora MRIO and OECD WIOD

CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM

Community Resilience Innovation, Collaboration, Sustainability, Results. The Los Angeles Emergency Preparedness Foundation

Ponemon Institute s 2018 Cost of a Data Breach Study

Electronic Communication of Personal Health Information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

An Institute of Physics Report October The role of physics in supporting economic growth and national productivity

BUSINESS & MARKETING EDUCATION CAREER PATHWAYS

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

THE UNITED REPUBLIC OF TANZANIA HIGHLIGHTS FOR THE SECOND QUARTER (APRIL JUNE) GROSS DOMESTIC PRODUCT, 2016

Breaches and Remediation

Chapter 12. Information Security Management

Consolidated version of

What to do if your business is the victim of a data or security breach?

Big Data Cybersecurity Analytics Research Report Sponsored by Cloudera

Cyber Attack: Is Your Business at Risk?

Personal Cybersecurity

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

The Cost of Denial-of-Services Attacks

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

2017 RIMS CYBER SURVEY

What is Cybersecurity?

Cybersecurity Survey Results

Barry Lowry Government CIO September Digitising Ireland the Government Chief Information Officer's Perspective

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Cyber-Threats and Countermeasures in Financial Sector

The Data Breach: How to Stay Defensible Before, During & After the Incident

Potential business impact of cybercrime on small and medium enterprises (SMEs) in 2016 Survey report USA. October, 2016

Cybersecurity and Nonprofit

Investor Presentation

LAND DEVELOPMENT CODE OF THE CITY OF LAWRENCE, KANSAS, TEXT AMENDMENTS, SEPTEMBER 11, 2012, EDITION. Amending Article 4, Section

Helping Businesses Grow & Succeed

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Security & Phishing

June 2 nd, 2016 Security Awareness

Critical Infrastructure

Cyber Liability Preventive Services & Tools Specific & Pre-Emptive Considerations BEFORE the Inevitable Cyber Event.

2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly

A Note on Industry Recommendations in IBES

From Russia With Love

Transcription:

Template for data breach notifications I I. Identification of the data controller This information is exclusively for the relevant Data Protection Authority, not to be shared with third-parties. 1. Details of the company Company name Address Postal code City Country 2. Contact person (to obtain complementary information) Name Position Address Postal code City Country E-mail address Telephone no. 3. Type of notification Complete notification (fields included in section II and III shall be completed within 72-h after having been aware of the data breach) Notification in two steps (fields included in section II shall be completed within the 72-h notification period and fields included in section III shall be completed within four weeks after having been aware of the data breach)

II. Principal information on data breach To be completed and shared with the Data Protection Authority within the first 72 hours after having become aware of it. 1. Sector of affected party Agriculture, forestry and fishing Mining and quarrying Manufacturing Manufacture of food products, beverages and tobacco products Manufacture of textiles, wearing apparel, leather and related products Manufacture of wood and paper products; printing and reproduction of recorded media Manufacture of coke and refined petroleum products Manufacture of chemicals and chemical products Manufacture of basic pharmaceutical products and pharmaceutical preparations Manufacture of rubber and plastics products, and other non-metallic mineral products Manufacture of basic metals and fabricated metal products, except machinery and equipment Manufacture of computer, electronic and optical products Manufacture of electrical equipment Manufacture of machinery and equipment n.e.c. Manufacture of transport equipment manufacturing; repair and installation of machinery and equipment Electricity, gas, steam and air conditioning supply Water supply; sewerage, waste management and remediation Construction Wholesale and retail trade; repair of motor vehicles and motorcycles Transportation and storage Accommodation activities Food service activities Publishing, audio-visual and broadcasting activities Telecommunications IT and other information services Financial and insurance activities Real estate activities Legal, accounting, management, architecture, engineering, technical testing and analysis activities

Scientific research and development professional, scientific and technical activities Administrative and support service activities Public administration and defence; compulsory social security Education Human health activities Residential care and social work activities Arts, entertainment and recreation service activities Activities of households as employers; undifferentiated goods- and services - producing activities of households for own use Activities of extraterritorial organizations and bodies 2. Size number of employees 1-9 10-49 50-249 250-749 750-1000 > 1000 3. Size turnover 2 m 10 m 50 m > 50 m 4. Member state where business has its main establishment Please select... 5. Member state where the breach took place Please select...

6. Date/time of the breach Hour Minute Day Month Year 7. Date/time of detection Hour Minute Day Month Year 8. Are you aware of the cause of the breach? (please refer to Q8 in Section III if not) Malicious attack Internal External Accident (system failure) Negligence (human error) 9. If a result of a malicious attack, what caused the breach? Trojans Encryption Cryptolockers Distributed denial of service Malware CEO-fraud Blackmailing 10. Which is the likely impact of the breach? Data publication Data theft Identity theft or fraud Loss of data Loss of confidentiality of personal data Property damage Direct financial loss Business interruption

Liability issues Damage to the reputation 11. Type of data exploited/affected/stolen? Personal Sensitive (eg health/genetic data, etc.) Non-personal Non-sensitive 12. If personal, what is the encryption status of personal data? Full Partial None 13. Has the data breached been subject to a Data Protection Impact Assessment (DPIA)? Yes No 14. What type of IT support does the company have? Internal External 15. What measures have been taken to mitigate the adverse effects of the breach? Data recovery Deletion of negative software Replacement of destroyed property External testing (ie ethical hackers, pen tests, etc) Enhancement of data security measures 16. Does the company have insurance for the type of incident incurred? Yes No

I III. Complementary information To be completed and shared with the Data Protection Authority within maximum four weeks after having been made aware of the data breach. 1. Date/time effects of attack ended Hour Minute Day Month Year 2. Estimated financial damage 3. How many personal datasets were exploited/affected/stolen? 4. Have data subjects been notified of the data breach? Yes No 5. How many data subjects have been notified? 6. Estimated financial losses Cost of notification Financial damage 7. What has been done or planned to mitigate this exploit being done again? Enhancement of data security measures and in particular: Audit and redesign of data collection procedure Audit and redesign of data processing procedure Audit and re-evaluate the Data processor (if applicable) Encryption of data at rest No data security measures were taken

I 8. What was the cause of the breach? Malicious attack Internal Accident (system failure) External Negligence (human error) 9. If known, what was the motivation behind the breach, in case of a malicious attack? 10. If known, what exploit software was used, in case of a malicious attack? Malware Ransomware Phishing SQL Injection Attack Cross-site scripting (XSS) Denial of Service (DoS) Session hijacking Credential reuse Insurance Europe aisbl, September 2017

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback