data-breach-response-skills

Manages coordinated breach notification across multiple legal jurisdictions including EU member states (72-hour GDPR deadline), US state breach notification laws (varying timelines from 30 to 90 days), and other international regimes. Covers conflict resolution when notification timelines differ, lead supervisory authority determination, and parallel notification execution. Keywords: multi-jurisdiction, cross-border breach, notification coordination, GDPR, US state laws, international breach notification.

Conducts structured post-breach remediation using a lessons learned framework covering root cause remediation, control gap closure, policy updates, training modifications, monitoring enhancements, and regulatory follow-up. Provides a systematic approach to preventing breach recurrence and demonstrating accountability to supervisory authorities. Keywords: post-breach, remediation, lessons learned, root cause, control gap, policy update, training.

Builds a comprehensive breach response team playbook defining CSIRT and privacy team structure with named roles (incident commander, legal counsel, communications, IT forensics, DPO), escalation matrices, communication templates, pre-negotiated vendor contacts, and regulatory authority contacts organized by jurisdiction. Keywords: breach response playbook, CSIRT, incident response team, escalation matrix, communication templates, vendor contacts.

Determines whether a personal data breach triggers notification obligations under GDPR Articles 33 and 34 using structured risk assessment methodology. Covers breach type classification (CIA triad), data sensitivity scoring, volume assessment, identifiability analysis, and consequence severity evaluation. References EDPB Guidelines 01/2021 with 18 breach scenarios. Keywords: breach risk assessment, GDPR, Article 33, Article 34, EDPB, notification threshold.

Designs and executes tabletop breach simulation exercises for testing organizational breach response capabilities. Covers scenario creation with realistic inject timelines, participant role assignment, communication testing across internal and external channels, decision-point evaluation, and after-action report generation. Keywords: tabletop exercise, breach simulation, incident response testing, scenario design, after-action report.

Manages direct communication to affected data subjects following a personal data breach under GDPR Article 34 when the breach is likely to result in a high risk to their rights and freedoms. Covers the high risk threshold, required notification content per Art. 34(2), exemptions under Art. 34(3), and breach notification letter templates for five scenarios. Keywords: data subject notification, Article 34, high risk, breach communication, GDPR.

Executes breach notification under California Civil Code Section 1798.82 (California data breach notification law). Covers data elements triggering notification, timing requirements (most expedient time possible), AG notification for 500+ California residents, specific content and format requirements, and substitute notice provisions. Keywords: California, breach notification, Cal. Civ. Code 1798.82, attorney general, CCPA, data elements.

Executes breach notification under HIPAA Breach Notification Rule (45 CFR 164.400-414). Covers 60-day individual notification, HHS/OCR reporting for breaches of 500+ individuals (immediate) and under 500 (annual log), state attorney general notification, media notification for 500+ in a single state, and breach risk assessment using the four-factor test. Keywords: HIPAA, breach notification, PHI, HHS, OCR, covered entity, business associate.

Executes the GDPR Article 33 mandatory breach notification to the supervisory authority within 72 hours of becoming aware of a personal data breach. Covers required notification content, deadline calculation, risk assessment for notification threshold, and DPO involvement. Keywords: GDPR, Article 33, breach notification, 72 hours, supervisory authority, DPO, EDPB.

Coordinates credit monitoring and identity theft protection services for individuals affected by a data breach. Covers vendor selection criteria, enrollment logistics, coverage duration (12-24 months), identity theft insurance options, communication to affected individuals, and enrollment rate tracking. Keywords: credit monitoring, identity protection, breach response, Experian, enrollment, identity theft insurance.

Implements technical breach detection capabilities including SIEM integration, DLP alert configuration, anomaly detection rules, and insider threat monitoring. Provides a breach classification taxonomy across confidentiality, integrity, and availability dimensions. Covers detection tool selection, alert tuning, and integration with privacy incident response workflows. Keywords: breach detection, SIEM, DLP, anomaly detection, insider threat, classification.

Maintains the GDPR Article 33(5) breach register documenting all personal data breaches regardless of whether supervisory authority notification was required. Covers mandatory register fields including facts, effects, and remedial actions, retention periods, audit readiness, and integration with the accountability framework. Keywords: breach register, Article 33(5), breach documentation, accountability, audit readiness, remedial actions.

Conducts digital forensics investigations following a personal data breach, covering evidence preservation, chain of custody documentation, log analysis, scope determination, and root cause analysis. References industry-standard tools including Splunk, ELK Stack, and Wireshark. Provides forensic workflow from initial evidence collection through final investigation report. Keywords: digital forensics, breach investigation, evidence preservation, chain of custody, root cause analysis, Splunk, ELK, Wireshark.