The method
Paste one of the prompts below into ChatGPT or Gemini. Make sure you have a clear understanding of the hypothetical breach scenario first. For the best results, replace the bracketed placeholders with specifics about the data compromised and the business impact. Then refine and iterate.
The prompts
Prompt 1
Assume the role of a cybersecurity consultant specializing in data breach response. Our company, [Company Name], has experienced a data breach involving [Specific Data Compromised, e.g., customer PII, financial records, intellectual property]. The breach was caused by [Suspected Cause, e.g., ransomware attack, insider threat, unpatched vulnerability]. Analyze the potential impact of this breach on our business, considering factors such as financial losses, reputational damage, legal liabilities (including GDPR and CCPA compliance), and operational disruption. Develop a comprehensive mitigation plan outlining immediate steps to contain the breach, investigate the incident, remediate vulnerabilities, notify affected parties (customers, regulators), and restore normal operations. Prioritize actions based on urgency and impact. Provide specific recommendations for enhancing our security posture to prevent similar incidents in the future. Consider both technical controls (e.g., enhanced monitoring, multi-factor authentication, data encryption) and organizational measures (e.g., security awareness training, incident response plan improvements, vendor risk management).
Prompt 2
You are a seasoned privacy lawyer. A client, [Client Name], has reported a potential privacy violation involving the unauthorized disclosure of [Type of Data, e.g., health records, financial information] of [Number] individuals due to [Cause of Violation, e.g., a phishing attack targeting employees, a software bug in a data processing system]. Analyze the client's potential legal obligations under relevant privacy regulations, including [Specific Regulations, e.g., GDPR, HIPAA, CCPA]. Advise on the required steps for investigating the incident, notifying affected individuals and regulatory authorities, and remediating the violation. Outline potential legal liabilities and penalties associated with the violation. Recommend strategies for minimizing further harm and preventing future privacy breaches, including improvements to data security practices, privacy policies, and employee training programs. Prepare a detailed report outlining the analysis and recommendations, suitable for presentation to the client's board of directors.