Remediation Plan

Immediate Incident Handling

  • Provide a comprehensive report on the data breach incident. The report includes the number of data subjects involved, the personal data leaked, and the potential harm to data subjects.

  • Establish an incident handling team to manage the data breach investigation, containment and recovery process.

  • Implement measures to contain the data breach and prevent unauthorized access to the affected systems.

Communication and Notification

  • Prepare a communication plan, inform affected individuals about the data breach, provide guidance on necessary precautions and offer support.

  • Notify CPAO; coordinate and prepare an official statement for internal and external distribution to ensure consistent messaging.

  • Establish (if necessary) a dedicated email address and phone number to handle inquiries and support for affected individuals.

  • Report to PCPD and/or the Police.

Review Policies & Implement Measures (data privacy, security, risk, compliance)

  • Implement additional measures, such as encryption and an EDR solution, to protect sensitive data and ensure data integrity.

  • Attend or re-attend, and complete, the mandatory personal data protection and security training for all members of the faculty / department / centre.

  • Data Protection Coordinator/s and administrative staff are assigned to promote data protection and security awareness according to HKU practice.

  • Always refer to HKU data protection practices – ISDM, Code of Practice, Privacy Policy Statement, Data Protection Principles; consider extending improvement measures and good practices in the faculty / department / centre.

  • Regularly update the DPO office on the status of data protection measures for filing.

Containment measures may include:
  • Stopping the system if the data breach is caused by system failure

  • Changing the users’ passwords and system configurations to control access and use

  • Considering whether technical advice or assistance should be sought immediately, internally or from outside, to remedy the system loopholes and/or stop the hacking

  • Ceasing or changing the access rights of individuals suspected to have committed or contributed to the data breach

  • Notifying the relevant law enforcement agencies if identity theft or other criminal activities were, or are likely to be, committed

The potential harm caused by the data breach may include:
  • Threat to personal safety

  • Identity theft

  • Financial loss

  • Humiliation or loss of dignity, damage to reputation or relationship

  • Loss of business and employment opportunity