{"id":7561,"date":"2025-09-24T08:30:00","date_gmt":"2025-09-24T13:30:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&#038;p=7561"},"modified":"2025-09-24T14:18:01","modified_gmt":"2025-09-24T19:18:01","slug":"incident-incoming-now-what","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/","title":{"rendered":"Incident Incoming\u2013Now What?"},"content":{"rendered":"\t\t<section id=\"block_284e3d60e68bde8a26c4640b82f9d83f\" class=\"resource-intro intro-simple\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<strong class=\"sub-title block uppercase\">Article<\/strong>\n\t\t\t\t\t\t\t\t\t\t<h1>Incident Incoming\u2013Now What?<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t<section id=\"block_bfa8a66e065cf6dc8464597eca52b03d\" class=\"columns-content\">\n\t\t<div class=\"container\">\n\t\t\t<div class=\"left\">\n\t\t\t\t\t\t<div class=\"person-wrap\">\n\t\t\t<a href=\"https:\/\/trustarc.com\/people\/val-ilchenko\/\">\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"110\" height=\"110\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/03\/people-val-ilchenko.png\" class=\"attachment-full size-full wp-post-image\" alt=\"\" \/>\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t<strong class=\"block name\">Val Ilchenko<\/strong>\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"block position\">General Counsel &amp; Chief Privacy Officer, TrustArc<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/a>\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t<div class=\"middle\">\n\t\t\t\t<div class=\"content\">\n\t\t\t\t\t<h2>Privacy PowerUp #17<\/h2>\n<p>If data privacy had a disaster movie, <a href=\"https:\/\/youtu.be\/OT8S3xaRnl0\" target=\"_blank\" rel=\"noopener\">incident response<\/a> would be the all-star hero team suiting up in the first act\u2014ready to triage, contain, and clean up the digital fallout 
before the final credits roll.<\/p>\n<p>But behind the headlines of breaches and billion-dollar fines are real professionals (privacy, legal, compliance, and security pros) grinding in high-pressure moments, managing chaos with cool heads, and helping their organizations recover and rebuild. This article is your practical walkthrough of how to prepare for and respond to privacy incidents before you\u2019re starring in a breach story of your own.<\/p>\n<h2>Not every privacy incident is a data breach<\/h2>\n<p>Here\u2019s where we start strong: <strong>not every incident is a breach.<\/strong><\/p>\n<p>Let that sink in. Just because something feels urgent doesn\u2019t mean it triggers regulatory reporting. Still, every incident deserves serious attention, along with systematic investigation and escalation.<\/p>\n<p>A <em>security incident<\/em> may threaten the confidentiality, integrity, or availability of systems or data. Think of it like a digital fire alarm. But a <em>data breach<\/em> usually means someone accessed or disclosed personal or confidential data they shouldn\u2019t have. How do you determine whether an incident is a breach? Investigation.<\/p>\n<p><strong>Examples that spark investigations:<\/strong><\/p>\n<ul>\n<li>An employee emails a sensitive file to the wrong contact.<\/li>\n<li>Your third-party vendor\u2019s system gets compromised.<\/li>\n<li>Internal documents are accidentally exposed via misconfigured file sharing.<\/li>\n<li>A laptop with unencrypted customer data is stolen.<\/li>\n<li>A ransomware attack hits (whether successful or not).<\/li>\n<\/ul>\n<p>Your <a href=\"https:\/\/trustarc.com\/resource\/creating-a-robust-data-incident-response-plan\/\" target=\"_blank\" rel=\"noopener\">incident response plan<\/a> should cover scenarios like these. If you don\u2019t have one yet, don\u2019t panic; read on. 
This article will help you understand the essential components and considerations that belong in an effective plan.<\/p>\n<h2>Key questions to start your privacy incident response<\/h2>\n<p>Like the disaster in our disaster movie, incidents tend to arrive at the most inopportune times: on long weekends, during board meetings, or right as you&#8217;re logging off on a Friday. When an incident occurs, start by asking these essential questions:<\/p>\n<ul>\n<li>What happened?<\/li>\n<li>When did it occur?<\/li>\n<li>What data or systems are involved?<\/li>\n<li>Has it been contained, or is there still an active threat?<\/li>\n<\/ul>\n<p>If your incident response plan uses a risk categorization model (e.g., \u201cP1\u201d for high priority), these questions will help determine the incident level.<\/p>\n<p>But hold off on conclusions. <strong>Gather facts first.<\/strong><\/p>\n<p>Categorization frameworks like NIST SP 800-61 help bring order to the chaos. Whether you follow Revision 2\u2019s four-phase lifecycle or <a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/61\/r3\/final\" target=\"_blank\" rel=\"noopener\">Revision 3\u2019s six functions<\/a>, structure beats guesswork every time.<\/p>\n<h2>How to assess the impact of a privacy incident<\/h2>\n<p>After an incident has been identified, it\u2019s time to scope the blast radius\u2014a metaphorical measure of how far the damage might spread.<\/p>\n<p>Ask:<\/p>\n<ul>\n<li><strong>Whose data is impacted?<\/strong> (Customers? Employees? Vendors?)<\/li>\n<li><strong>What type of data?<\/strong> (Names? SSNs? Medical info? Bank details?)<\/li>\n<li><strong>How is it stored?<\/strong> (Structured systems or unstructured files?)<\/li>\n<li><strong>How many records are affected?<\/strong><\/li>\n<li><strong>What\u2019s the risk?<\/strong> (Legal? Reputational? 
Harm to individuals?)<\/li>\n<\/ul>\n<p>The deeper your understanding, the better you can guide your response and meet your legal and contractual duties.<\/p>\n<h2>Legal and regulatory requirements for privacy incidents<\/h2>\n<p>Regulatory obligations vary wildly depending on jurisdiction, industry, and data type. And you\u2019re not just answering to regulators; your contracts matter too.<\/p>\n<h5>Examples:<\/h5>\n<ul>\n<li><strong>U.S. state laws<\/strong>: All 50 have breach notification laws. Most give you some leeway, but a few require swift action.<\/li>\n<li><strong>GDPR (EU\/UK)<\/strong>: Requires notification to data protection authorities within 72 hours of awareness if there\u2019s likely risk to individuals.<\/li>\n<li><strong>HIPAA<\/strong>: \u201cWithout unreasonable delay,\u201d no later than 60 days.<\/li>\n<li><strong>Customer contracts<\/strong>: May set stricter timeframes and could require notice in as little as 24 hours.<\/li>\n<\/ul>\n<p>Translation? <strong>Know your timelines. Know your contracts.<\/strong> If you\u2019re a processor or service provider, you may also have to inform your customers first, who then determine how and when to notify end users.<\/p>\n<h2>How to coordinate privacy incident response across teams<\/h2>\n<p>Say it with us: Incident response is not a solo sport.<\/p>\n<p>You need:<\/p>\n<ul>\n<li><strong>Legal<\/strong> to advise on liability and communications<\/li>\n<li><strong>Security<\/strong> to investigate and contain threats<\/li>\n<li><strong>Engineering<\/strong> or product if software systems are involved<\/li>\n<li><strong>Comms and Marketing<\/strong> if the issue touches customers or brand trust<\/li>\n<li><strong>HR<\/strong> if employee data is affected<\/li>\n<li><strong>Leadership<\/strong> to make strategic decisions<\/li>\n<\/ul>\n<p>Also, involve counsel early, especially when forensic investigations or law enforcement are involved. And don\u2019t forget cyber insurance. 
Some policies require notification within hours to stay covered.<\/p>\n<p>Be mindful of communications. Minimize email threads. Assume everything may be reviewed later. Understand attorney-client privilege and what could become discoverable. Document just enough and share only what&#8217;s necessary.<\/p>\n<h2>When to notify regulators and individuals after a data breach<\/h2>\n<p>If you determine the incident is a <strong>notifiable breach<\/strong>, the countdown begins. Triggers may include:<\/p>\n<ul>\n<li>Regulatory thresholds (e.g., GDPR\u2019s \u201clikely risk\u201d to individuals)<\/li>\n<li>Contractual obligations<\/li>\n<li>Ethical considerations or optics<\/li>\n<\/ul>\n<p>When notifying:<\/p>\n<ul>\n<li><strong>Follow local laws.<\/strong> Some jurisdictions specify required content and delivery formats.<\/li>\n<li><strong>Be clear, factual, and empathetic.<\/strong><\/li>\n<li><strong>Offer support<\/strong> like call centers or credit monitoring if needed.<\/li>\n<li><strong>Tailor messages<\/strong> to each audience\u2014regulators, impacted individuals, business partners, and the public.<\/li>\n<\/ul>\n<p>Remember: Your message is a reflection of your brand. Own the moment with poise and transparency.<\/p>\n<h2>Post-incident reviews: How to strengthen your privacy program<\/h2>\n<p>The incident\u2019s resolved. Everyone\u2019s exhausted. But the job isn\u2019t done yet. Do a post-incident review. 
<strong>Document<\/strong>:<\/p>\n<ul>\n<li>What happened<\/li>\n<li>Who was involved<\/li>\n<li>What was done, when, and why<\/li>\n<li>What went well and what didn\u2019t<\/li>\n<\/ul>\n<p><strong>Use metrics like:<\/strong><\/p>\n<ul>\n<li>Detection-to-resolution time<\/li>\n<li>Notification delays<\/li>\n<li>Number of records impacted<\/li>\n<\/ul>\n<p>Feed these insights back into your incident response plan, <a href=\"https:\/\/trustarc.com\/resource\/mastering-privacy-tabletop-exercises\/\" target=\"_blank\" rel=\"noopener\">run new tabletop exercises<\/a>, and revise training. Think of it like a post-credit scene setting you up for a better sequel.<\/p>\n<h2>Why a privacy incident response plan is essential<\/h2>\n<p>An incident response plan isn\u2019t just a box to check. It\u2019s your battle plan, your lifeline, and the tool you\u2019ll rely on when everything else goes offline.<\/p>\n<p><strong>A strong incident response plan should include:<\/strong><\/p>\n<ul>\n<li>Response team members and their roles<\/li>\n<li>Categorization and triage process<\/li>\n<li>Escalation paths and notification triggers<\/li>\n<li>Documentation and communication templates<\/li>\n<li>Playbooks for different incident types<\/li>\n<li>Legal and regulatory reference points<\/li>\n<li>Periodic testing (at least annually)<\/li>\n<\/ul>\n<p>Run tabletop exercises with privacy, legal, comms, security, and execs. Simulate ransomware attacks, accidental disclosures, or vendor breaches. See how your team performs and improve from there.<\/p>\n<h3>Keep calm and incident-response on<\/h3>\n<p>Privacy incidents will happen. That\u2019s not a threat\u2014it\u2019s a reality. But chaos doesn\u2019t have to become a catastrophe. With a strong privacy incident response plan in place, you shift from reactive scrambling to proactive leadership. 
You move from uncertainty to alignment, from risk to resilience.<\/p>\n<p>The real win isn\u2019t just checking boxes or hitting notification deadlines. It\u2019s building trust internally with your colleagues and externally with your customers, partners, and regulators. It\u2019s about showing that when the pressure\u2019s on, your organization doesn\u2019t just respond. It rises.<\/p>\n<p>So prep your playbook, run your drills, know your contracts, thresholds, and team, and when the next incident comes knocking at the least convenient time (and it will), you\u2019ll be ready not just to respond but to lead.<\/p>\n<p>Because in the privacy profession, heroism isn\u2019t about capes. It\u2019s about consistency, clarity, and having the right plan in place before you need it.<\/p>\n<h5>Continue mastering the privacy essentials by reviewing all the resources in the Privacy PowerUp series.<\/h5>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-dark\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Checklist_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Privacy Incident Response: From Panic to Prepared<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/privacy-incident-response-playbook\/\" target=\"_blank\" rel=\"noreferrer\" class=\"cta\">View now<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-dark\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_High-Performance_Small.svg\" class=\"attachment-full size-full\" 
alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>PowerUp Your Privacy<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400\">Watch all the videos in the Privacy PowerUp series \u2013 designed to help professionals master the privacy essentials.<\/span><\/p>\n<a href=\"https:\/\/trustarc.com\/resource\/privacy-powerup-series\/\" target=\"_blank\" rel=\"noreferrer\" class=\"cta\">Watch now<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<p><strong>Read more from the Privacy PowerUp Series:<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/trustarc.com\/resource\/getting-started-in-privacy\/\">Getting Started in Privacy<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/data-collection-minimization-retention-deletion-necessity\/\">Data Collection, Minimization, Retention, Deletion, and Necessity<\/a><\/li>\n<li><a href=\"\/resource\/building-data-inventory-mapping-ropa\/\">Building a Data Inventory, Mapping, and Records of Processing Activities (ROPA)<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/understanding-individual-rights\/\" target=\"_blank\" rel=\"noopener\">Understanding Data Subject Rights (Individual Rights) and Their Importance<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/privacy-contracting-foundations\/\" target=\"_blank\" rel=\"noopener\">The Foundation of Privacy Contracting<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/choice-consent-data-privacy\/\" target=\"_blank\" rel=\"noopener\">Choice and Consent: Key Strategies for Data Privacy<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/international-data-transfers-onward-transfers\/\" target=\"_blank\" rel=\"noopener\">Managing the Complexities of International Data Transfers and Onward Transfers<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/emerging-technologies-privacy-ai-machine-learning\/\" target=\"_blank\" 
rel=\"noopener\">Emerging Technologies in Privacy: AI and Machine Learning<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/privacy-program-management-buy-in-governance-hierarchy\/\" target=\"_blank\" rel=\"noopener\">Privacy Program Management: Buy-In, Governance, and Hierarchy<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/managing-privacy-across-organization\/\" target=\"_blank\" rel=\"noopener\">Managing Privacy Across the Organization<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/assess-the-risk-before-it-hits\/\" target=\"_blank\" rel=\"noopener\">Assess the Risk Before it Hits<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/contracts-that-count-data-processing-agreement\/\" target=\"_blank\" rel=\"noopener\">Contracts that Count: Mastering the 10 Most Negotiated Provisions in a Data Processing Agreement<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/selling-sharing-personal-information\/\" target=\"_blank\" rel=\"noopener\">Selling and Sharing Personal Information<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/privacy-approved-vendor-management-program\/\" target=\"_blank\" rel=\"noopener\">Building a Privacy-Approved Vendor Management Program<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/tracking-technologies-adtech-privacy-minefield\/\" target=\"_blank\" rel=\"noopener\">Tracking Technologies: The Hidden Backbone of AdTech and the Looming Privacy Minefield<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/data-inventory-next-level-classification\/\" target=\"_blank\" rel=\"noopener\">Data Inventory: Next-Level Classification for Privacy Professionals<\/a><\/li>\n<li><a href=\"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/\" target=\"_blank\" rel=\"noopener\">Incident Incoming\u2013Now What?<\/a><\/li>\n<\/ol>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"right sm\">\n\t\t\t\t<div class=\"share-it\">\n\t\t\t\t\t<strong class=\"title 
block uppercase\">Follow us<\/strong>\n\t\t\t\t\t<div class=\"soc-list\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/company\/trustarc\/\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/li-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"\nhttps:\/\/twitter.com\/TrustArc\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/tw-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"javascript:;\" id=\"copy-url\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/link-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<span class=\"copied\" style=\"display:none;\">Link Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"key-topics\">\n\t\t\t\t\t\t<strong class=\"title block uppercase\">Key Topics<\/strong>\n\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/enterprise-data-protection\/\" class=\"badge\">Enterprise Data Protection<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/privacy-governance\/\" class=\"badge\">Privacy Governance<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/risk-management\/\" class=\"badge\">Risk Management<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"cta-area\">\n\t\t\t\t\t<p>Get the latest resources sent to your inbox<\/p>\n\t\t\t\t\t<a href=\"\/subscription-center\/\" class=\"cta\">Subscribe<\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t<section id=\"block_6480bd1421ac78bb796cc9ec07e0eda7\" class=\"resource-section\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<div class=\"resource-head\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2>Related resources<\/h2>\n\t\t\t\t\t\t\t<a 
href=\"\/resources\/\" target=\"_blank\" rel=\"noreferrer\" class=\"cta block\">View all resources<\/a>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"two-columns\">\n\t\t\t\t\t\t<div class=\"left\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/privacy-powerup-series\/\" class=\"resource-single \">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"560\" height=\"140\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-pink-test-560x140.png\" class=\"attachment-560x140 size-560x140 wp-post-image\" alt=\"\" srcset=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-pink-test-560x140.png 560w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-pink-test-300x75.png 300w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-pink-test.png 610w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/>\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Webinars and Videos<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h3>Privacy PowerUp Series<\/h3>\n\t\t\t\t\t\t\t\t\t<p>Are you a compliance pro, lawyer, or just curious about privacy? 
The Privacy PowerUp series is the perfect launchpad for mastering all of the privacy essentials.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div><div class=\"right\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/privacy-powerup-privacy-program-management\/\" class=\"resource-single \">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"560\" height=\"140\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-woven-gray-560x140.png\" class=\"attachment-560x140 size-560x140 wp-post-image\" alt=\"\" srcset=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-woven-gray-560x140.png 560w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-woven-gray-300x75.png 300w, https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-woven-gray.png 610w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/>\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">eBooks<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h3>Privacy PowerUp<\/h3>\n\t\t\t\t\t\t\t\t\t<p>Master data privacy essentials with the Privacy PowerUp eBook. 
Learn strategies, common regulations, and key insights to advance your career and protect data.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t","protected":false},"excerpt":{"rendered":"<p>Master privacy incident response: what to ask, who to involve, and how to lead before your breach becomes front-page news.<\/p>\n","protected":false},"featured_media":1259,"template":"","topic-resource":[57,56,68],"type-resource":[6],"class_list":["post-7561","resource","type-resource","status-publish","has-post-thumbnail","hentry","topic-resource-enterprise-data-protection","topic-resource-privacy-governance","topic-resource-risk-management","type-resource-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Incident Incoming\u2013Now What? | TrustArc<\/title>\n<meta name=\"description\" content=\"Master privacy incident response: what to ask, who to involve, and how to lead before your breach becomes front-page news.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/\",\"name\":\"Incident Incoming\u2013Now What? 
| TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-purple-test.png\",\"datePublished\":\"2025-09-24T13:30:00+00:00\",\"dateModified\":\"2025-09-24T19:18:01+00:00\",\"description\":\"Master privacy incident response: what to ask, who to involve, and how to lead before your breach becomes front-page news.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/incident-incoming-now-what\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-purple-test.png\",\"contentUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-purple-test.png\",\"width\":610,\"height\":152},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Incident Incoming\u2013Now What? 
| TrustArc","description":"Master privacy incident response: what to ask, who to involve, and how to lead before your breach becomes front-page news.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/","url":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/","name":"Incident Incoming\u2013Now What? | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/#primaryimage"},"image":{"@id":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/#primaryimage"},"thumbnailUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-purple-test.png","datePublished":"2025-09-24T13:30:00+00:00","dateModified":"2025-09-24T19:18:01+00:00","description":"Master privacy incident response: what to ask, who to involve, and how to lead before your breach becomes front-page 
news.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trustarc.com\/resource\/incident-incoming-now-what\/#primaryimage","url":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-purple-test.png","contentUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-purple-test.png","width":610,"height":152},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource\/7561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media\/1259"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=7561"}],"wp:term":[{"taxonomy":"topic-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-resource?post=7561"},{"taxonomy":"type-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/type-resource?post=7561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}