← Docs

Recipe: Breach notification drafter

NOT legal advice

Ingredients

  • Incident date and discovery timestamp
  • Data categories exposed (PII, credentials, financial)
  • Affected user count and geographic scope
  • Remediation steps taken or in progress
  • Contact point for affected parties

Template

Subject: Security incident notification Dear [Name], We are writing to inform you of a security incident that may have involved your personal data. Date of incident: [DATE] Discovered: [DATE] Data involved: [CATEGORIES] What we are doing: - [REMEDIATION STEP 1] - [REMEDIATION STEP 2] What you can do: - [USER ACTION 1] - [USER ACTION 2] For questions, contact [EMAIL / PHONE]. We regret this occurred and are committed to improving our security posture. Sincerely, [ORGANIZATION NAME]

Regulatory triggers

GDPR72-hour deadline to supervisory authority
CCPANotification without unreasonable delay
HIPAA60-day deadline; media if 500+ affected
NIS224-hour early warning; 72-hour full notice
This template is a starting point. Consult qualified counsel before sending breach notifications.