What kind of breach could occur?
It's important to know how a breach can happen in order to reduce its risks and impacts. Assessing your data against common breach scenarios gives you a better understanding of how it could affect people, as well as insights into what protections and controls you can improve.
Why is this important?
The measures to safeguard information and affected individuals will vary based on the source of the breach and the risks associated with the personal data managed by an entity. Assessing different scenarios helps put in place the necessary controls to reduce the risks and impacts and create a thorough data breach response plan.
Human error: an unintended action that leads to a data breach. This can occur when someone unintentionally discloses information, such as sending a document to the wrong recipient.
Malicious or criminal attack: a malicious or criminal attack deliberately crafted to exploit known vulnerabilities for financial or other gain. This typically involves a cyber-attack against an information handling or storage systems.
System fault: a business or technology process error not caused by direct human error.
Unknown breach: unauthorised access to personal information, where the method, cause, or point of entry has not been identified with confidence.