Responding to Data Incidents: A Step-By-Step Guide for CAAs 

Document, Document, Document: Record the details of the incident and response efforts. 

OnGuard kept records of all emails and letters involving the data incident. All security operations center (SOC) logs were also documented. SOC logs track events such as password changes, unauthorized logins, malware detection, data exports, and new user accounts in order to identify threats. These logs give OnGuard valuable information about network activity that can be used to identify and document data incidents and other security threats.

Lawsuits frequently follow high-profile security breaches, as cyber incidents often lead to consumer litigation or government investigations. To protect the organization from legal trouble, a CAA must document and retain all information about the incident and its response. Documentation is one of the most important tools for preparing for potential lawsuits, as it provides a record of the details of the incident and memorializes the CAA’s proper response to it.

Documentation should include the date and time the incident was discovered, whose data was implicated, and what systems were implicated. Document all response actions taken by the CAA, including the legal notices provided and any remediation at the organization. Internal information such as the members of the data response team, staff emails, or requests for SOC logs should also be documented.

This resource is part of the Community Services Block Grant (CSBG) Legal Training and Technical Assistance (T/TA) Center. It was created by Community Action Program Legal Services, Inc. (CAPLAW) in the performance of the U.S. Department of Health and Human Services, Administration for Children and Families, Office of Community Services Cooperative Agreement – Award Number 90ET0505-01. Any opinion, findings, conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Department of Health and Human Services, Administration for Children and Families.