Like the Data Protection Act that aims to unite EU law, Cyber Security should, and now almost does, have guidance for 'Data Breaches'.

Despite the changes that will come with the anticipated DP update, Cyber Security lurks in the realms of IT Security, Data Protection and business continuity at the same time, so it requires its own little ray of sunlight to shine and help improve the fight against Cyber Criminals...

People see having to report a Data Breach as an admission of guilt and failure, giving ammo to a loaded gun pointed at your or the company's reputation.

A comment I read recently: "There are two types of breaches, the ones that have been discovered and the ones that haven't." Meaning we have all more than likely been breached but don't even know it, and, being an IT Consulting Manager, that scares even me.

My personal view, and I will no doubt have to put this into action one day, is that if there is a data breach you should:

  1. Acknowledge it
  2. Report it as soon as possible
  3. Make clients affected aware, show you care and take responsibility
  4. Identify how it occurred and put in safeguards to stop it occurring again
  5. Go to the press and tell them what has happened in a managed fashion. Make clear that you are aware anyone can have their data breached, and explain all the positive things and safeguards you already had in place to stop a Data Breach
  6. Keep your fingers crossed it doesn't happen again!