Recommendation 5.
Managing data breaches
|
A data breach is when data or private information is shared when it should not be or is stolen from a secure computer system. |
The same set of rules should be for all parts of the government that work on the data asset. The rules should be clear so that all people that use the data know what they must do. |
|
|
The rules should be clear on who should be told when data is used the wrong way like:
The rules should also say who will tell people when data is used in the wrong way. |
Response
|
We agree. |
|
We will consider this recommendation when we make a document called the Data Breach and Incident Response Framework. A framework is a plan for how things should work. |
|
The framework will say:
|
All organisations who share data must have:
They need to follow rules in the Data Availability and Transparency Act 2022. |
|
|
The Office of the National Data Commissioner could also do checks to make sure things are being done to meet the laws and rules. |
The framework should be done by June 2024. |