What would you do if you received a phone call in the middle of the night saying that one of your databases had been hacked and data released? Do you know what to do as a first responder? There’s a report from Dark Reading that talks about some of the things you might want to consider.

Crisis situations, and this is definitely one, require some planning and thought ahead of time. You ought to have some sort of “run book” similar to the one you have for disaster recovery, that helps you decide how to handle the situation. Unlike many troubleshooting situations, rebooting a server might be the worst thing you can do.

I used to think that database people were more insulated from responding to these types of crisis situations. It seemed early in my career that we would be backups for the system administrators, and not necessarily need to respond to a midnight call. However the last 5 years have shown that this type of call is more and more likely for all data professionals.

As we store more and more data, of great importance to the organization, we should be more prepared to respond to these types of incidents. Financial, identity, medical, and other types of data are becoming mixed in with all sorts of business data. As we build warehouses and transfer data among more systems, the likelihood we have data needing strong protections increases.

At the very least, we must educate ourselves on our legal responsibilities as the data profession moves forward. More and more laws are being passed and regulations applied to data, and a good data professional in the future needs to be aware of their responsibilities in this area.

Steve Jones