Chapter 4: Information Management and Privacy Risk Management
Data Breach Readiness Assessments
A data breach readiness assessment examines the level of breach risk together with the likelihood and severity of a personal data breach. The factors weighed are:
- Type and nature of personal data involved, particularly sensitive PI
- Whether appropriate technical safeguards were applied (e.g., encryption, pseudonymization)
- Whether the data subject will be directly or indirectly affected
- Possibility that personal data can be maliciously used
- Possibility of substantial physical harm to the data subject
Readiness vs incident response
A readiness assessment is forward-looking: it gauges likelihood and severity before any incident occurs, so safeguards such as encryption and pseudonymization, applied in advance, lower the assessed severity. Incident response, by contrast, is reactive: it begins once a breach is detected and deals with containment, notification and remediation of that specific event.
Key terms - quick answers
What is “Data breach readiness assessment”?
An assessment of the level of breach risk plus the likelihood and severity of a personal data breach.
What is “Pseudonymization”?
A technical safeguard that replaces direct identifiers with tokens so the data can no longer be attributed to a specific person without additional information (for example a key or lookup table) that is kept separately. Pseudonymized data is still personal data, because re-identification remains possible for whoever holds that additional information; it is weighed as a mitigating factor when assessing breach severity, not as a way of taking the data out of scope.
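The following Python example is added here to illustrate the pseudonymization safeguard discussed above; it is not code from the original page. It uses constructed sample records (the phone numbers and diagnoses are invented) and an assumed demo key; the function names `pseudonymize`, `reverse_unkeyed`, `reidentify` and `candidate_phones` are this example's own. It shows two things a breach readiness assessment should take into account: an unkeyed hash over a small identifier space is not a real safeguard, because it can be reversed by enumeration, while a keyed HMAC pseudonym is only as strong as the separation of its key, since anyone holding the key can re-identify the records.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; these are not real people.
RECORDS = [
    {"phone": "5550001234", "diagnosis": "asthma"},
    {"phone": "5550009876", "diagnosis": "diabetes"},
]

# Assumed demo key. In production generate it with secrets.token_bytes(32),
# keep it in a KMS or HSM, and never store it alongside the pseudonymized data.
KEY = b"demo-key-replace-with-a-kms-managed-secret"


def pseudonymize(records, key, field="phone"):
    """Replace the identifier in `field` with an HMAC-SHA256 pseudonym.

    The same key always yields the same token for the same value, so records
    stay linkable for analysis, but without the key the token cannot be
    recomputed or reversed.
    """
    out = []
    for rec in records:
        token = hmac.new(key, rec[field].encode(), hashlib.sha256).hexdigest()
        out.append({**rec, field: token})
    return out


def unkeyed_hash(value):
    """What many teams mistake for pseudonymization: a plain SHA-256 digest."""
    return hashlib.sha256(value.encode()).hexdigest()


def candidate_phones():
    """Constructed identifier space: 10,000 numbers sharing the 555000 prefix.

    Real identifier spaces (phone numbers, national IDs, dates of birth) are
    small enough to enumerate in the same way.
    """
    return [f"555000{i:04d}" for i in range(10_000)]


def reverse_unkeyed(token, candidates):
    """Recover the original value behind an unkeyed hash by enumeration."""
    for cand in candidates:
        if hmac.compare_digest(unkeyed_hash(cand), token):
            return cand
    return None


def reidentify(token, key, candidates):
    """Recover the original value behind an HMAC pseudonym.

    Succeeds only with the correct key, which is why key custody, not the
    hashing itself, decides whether a leaked dataset is still identifiable.
    """
    for cand in candidates:
        probe = hmac.new(key, cand.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(probe, token):
            return cand
    return None


if __name__ == "__main__":
    pseudo = pseudonymize(RECORDS, KEY)
    print("pseudonymized:", pseudo)

    # Unkeyed hash: reversible by enumerating the identifier space.
    leaked = unkeyed_hash(RECORDS[0]["phone"])
    print("unkeyed hash reversed to:", reverse_unkeyed(leaked, candidate_phones()))

    # Keyed pseudonym: enumeration without the key fails, with the key succeeds.
    token = pseudo[0]["phone"]
    print("keyed token without key:", reverse_unkeyed(token, candidate_phones()))
    print("keyed token with key:", reidentify(token, KEY, candidate_phones()))

    # A fresh key is what a real deployment would use.
    print("example fresh key:", secrets.token_bytes(32).hex())
```

When assessing a dataset's breach severity, the question to ask of any "hashed" identifier is whether the transformation used a secret and where that secret lives; if the answer is "no secret" or "in the same database", treat the identifiers as effectively plaintext.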