Consumer Data Breach Investigation Blueprint
This is intended as a model for adaptation by businesses when investigating a possible consumer data breach. Following the process outlined below helps determine and document whether a reportable breach occurred. The information in blue provides instruction and definitions, while the information in red is what must be documented and usually reported if a breach is found.
This is not intended to confer legal advice or establish an attorney-client relationship. You should work with legal counsel experienced with data security laws and regulations specific to your jurisdiction, organization, and industry. Specifically, California’s Consumer Privacy Protection (CPP) laws, on which this is based, may not be as comprehensive as those in your jurisdiction or applicable to your industry.