Employee Security Training

Reporting A Data Breach

Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.

Data breaches occur in various manners and the specific definition of a data breach varies from company to company.

Please refer to your Company’s Information Security Policy for details on what the firm defines as a data breach and how to escalate/respond to it. Here, we cover general information about a data breach and steps you can take to report it.

What is a Data Breach?
Conventionally, people think of hackers, who use complex tools to access company systems and extract data, in relation to a breach. However, any unauthorized access to your company’s data may constitute a breach. Some examples include:

  • Employees leaving the company with sensitive information and no prior authorization.
  • A database with personal information of customers being available publicly (with no prior consent of customers)
  • Emailing company or customer information to the wrong party
  • Unauthorized access by cyber threat actors (aka hackers), who exfiltrate data and use it wrongfully with no consent from the company or its customers.

Notice that some breaches relate to company information, while others to personal data. You have an obligation to report both.

How can I report a data breach, and to whom should I report this?
Please note, based on your country of operation, reporting a data breach may be legally mandatory. The best ways to be sure of your responsibilities are to:

  • Refer to the cyber laws of the countries your company has operations in
  • Check with your IT team or your Company’s Data Protection Officer (DPO)
  • Visit the regulatory authority’s – typically Personal Data Protection Commission (PDPC) or its equivalent – website to learn of your responsibilities. Example – A tool like this, from the Singapore Government’s PDPC, is a relevant reference.

Generally, authorities get involved when the personal information of individuals is compromised. The best first step is to escalate any breach internally to your Management, who can then decide on appropriate next steps.

  • Employee Security Training
Srividhya Karthik

Srividhya Karthik is a seasoned content marketer and the Head of Marketing at Cyber Sierra. With a firm belief in the power of storytelling, she brings years of experience to create engaging narratives that captivate audiences. She also brings valuable insights from her work in the field of cybersecurity and compliance, possessing a deep understanding of the challenges and pain points faced by customers in these domains.

Find out how we can assist you in completing your compliance journey.

toaster icon

Thank you for reaching out to us!

We will get back to you soon.