You've just had a call from IT: some records have been 'compromised'. It's not clear whether that means a few spelling mistakes or that the details of your entire customer base are being touted around on a memory stick in the Russian badlands. So what now?
Have a plan. Don't wait until you've already suffered a significant data breach to start working out how you are going to respond. Scenario development and wargaming are two of the techniques commonly deployed to help in planning for a crisis. You need to identify the response teams, understand where the impact will be felt, and have advisers lined up to help.
Get the measure of it. Priority one is to understand what's happened and the extent of the data loss. 'A data security breach can happen for a number of reasons,' says the Information Commissioner's Office (ICO). These include: loss or theft of data, hackers, unauthorised use or equipment failure. 'Establish whether there is anything you can do to recover any losses and limit the damage the breach can cause,' says the ICO.