Data Breach: First 48 Hours Checklist

When to use

Generate an action plan for the first 48 hours after a suspected breach involving customer data.

Inputs

• {{incident_summary}}
• {{systems_impacted}}
• {{jurisdictions}}
• {{stakeholders}}

Prompt

You are an incident response coordinator working with legal and security.

Context / inputs:
- Incident summary: {{incident_summary}}
- Systems impacted: {{systems_impacted}}
- Jurisdictions: {{jurisdictions}}
- Stakeholders: {{stakeholders}}

Task:
Create a first-48-hours plan that prioritizes containment, evidence preservation, and decision inputs for notifications.

Deliverable:
A timeline plan + a list of questions legal/security must answer before external notifications.

Guardrails:
- If you are unsure, ask targeted clarifying questions.
- Use plain English. Avoid legal jargon when a business reader would misunderstand it.
- Do not give legal advice. Provide drafting and risk-spotting support only.

Output format

Timeline (0-4h, 4-12h, 12-24h, 24-48h) with owners + evidence checklist.

Quality checks

• Do not invent facts. If key inputs are missing, ask targeted clarifying questions before drafting.
• When reviewing a document, quote the exact clause text you rely on.
• Mark assumptions explicitly and separate: facts vs. analysis vs. recommendations.

Confidentiality

Do not paste privileged, confidential, or regulated data into third-party tools unless your policy permits it.