Good incident response involves nailing your timing – not going too fast or too slow.
On August 17th the Saskatchewan Information and Privacy Commissioner held that a health authority breached the Saskatchewan Health Information Privacy Act by failing to respond to an incident in a timely manner.
The Commissioner’s report does describe a dilatory response – with a discovery of “snooping” in mid October 2015, an investigation that led to a paid suspension at the end of January 2016, notification to the Commissioner at the end of February 2016, notification to the Commissioner towards the end of March that the breach was bigger than first reported, and eventual notification to affected individuals in July 2016.
Think and don’t react, and you can even pause momentarily to gain confidence in a next critical step, but always keep the ball moving.
Investigation Report 030-2016 (17 August 2016, Sask OIPC).