Response should include
- acknowledging the breach immediately (remediate with stakeholders first)
- identifying the breach and explain how it occurred
- identifying the remedy.
Process/Skill Questions:
- Why is it important for companies to be honest from the start when a breach occurs?
- How does a company decide whom to notify of a breach?
- How does a company decide what the potential damage could be if information is misused?