Data Breach Response Guide & Toolkit (Global) 

 For a version of this guide tailored for Australian organisations, see Data Breach Response Guide & Toolkit (Australia)


This publication provides in-depth guidance and tools to assist in developing a data breach response management framework (DBRM Framework) in accordance with international standards.

For use by organisations globally, the text aims to enable entities to rapidly develop and implement robust DBRM Frameworks suited to their circumstances in a structured and methodical manner. It provides extensive guidance on the development of a:

  • Data Breach Management Policy (DBM Policy) – to establish a framework (eg policies, systems, controls and incident response team) for preparing for and managing incidents; and
  • Data Breach Response Plan (DBR Plan) – to establish procedures for managing incidents in a standardised manner and in accordance with regulatory obligations.

The guide provides comprehensive guidance on key steps that should be covered in a DBM Policy and a DBR Plan, including checklists and decision-making criteria to be used in assessing risks and determining remedial measures.

The guide contains a detailed sample DBM Policy and sample DBR Plan providing working examples of provisions, forms, procedures and processes that can be readily adapted to suit an organisation’s specific circumstances.

The guide also shows how DBRM Frameworks can be linked with pre-existing data security frameworks and mandatory data breach notification obligations.


     What constitutes a “data breach”?
     Statistics – Causes and costs of data breaches
     Key elements of a management framework
Data Breach Management Policy
     Checklist and guidance
          Scope of policy
          Data breach response team
          Register of data breach regulatory compliance obligations
          Register of data breach contractual obligations
          Register of data breach service providers
          Data inventory
          Detection, audit and response measures
          Incident reporting
          Prohibition on remedial measures by non-authorised personnel
          Data Breach Response Plan
          Data breach incident activity log
          Litigation preparation
          Staff training
          Hardcopy of Policy and Data Breach Response Plan
          Related policies and procedures
     Sample policy
Data Breach Response Plan
     Checklist and guidance
          Scope of plan
          Incident reporting
          Confirmation or denial of breach
          Preliminary assessment
          Evidence gathering
          Vulnerability elimination
          Assistance measures to affected individuals
          Communications plan
          Notification (Mandatory) – Individuals and data protection authorities
          Notification (Voluntary) – Individuals and data protection authorities
          Notification – Other authorities and regulatory bodies
          Notification – Other affected entities
          Brand recovery strategy
          Disciplinary action
          Post-incident review
          Sequence of steps
          Related policies and procedures
     Sample plan




by Presidian Legal Publications

This publication is authored by Presidian Legal Publications’ data privacy law writers. Presidian is a leading publisher of data privacy law resources in Australia, with extensive experience in publishing authoritative and up-to-date data privacy products for lawyers, government and businesses, including a loose-leaf subscription service, books, training workshops and online compliance training courses. With many of Presidian's services being developed in conjunction with some of Australia's most respected legal experts, Presidian has earned the reputation of a trusted provider of high-quality legal information products to the legal and business communities.


$AUD 525 including shipping (+GST for Australian customers only)

Multi-copy discounts

2 copies - 30%
3 copies - 35%
4+ copies - 40%

How to order

1. Order online

2. Download & fax form to 08 8180 1880 


This product is sold subject to the Standard terms for looseleafs and books.



Other data privacy products

Data Breach Notification Scheme Guide & Toolkit
Data Breach Notification Scheme Training Workshop
Online Privacy Training 
Australian Privacy Law Handbook
