The clock starts before the paperwork is perfect
Breach operations need rapid triage, evidence preservation, severity scoring, regulator communication, and internal owner alignment.
Breach notification and incident evidence
Prepare a 72-hour breach workflow with severity scoring, NDPC-ready reports, affected-subject communication, and post-incident review.
Plain English
What the chapter means in practice.
Operational takeaway
Run breach response from a workflow that preserves every decision, timestamp, draft, attachment, and post-incident mitigation.
Checklist
What to document.
- Define severity levels and notification thresholds.
- Create a 72-hour clock and escalation owner.
- Link incident evidence, NDPC reports, subject comms, and lessons learned.
Related workflows