Privacy Incident Runbook

Steps to respond if sensitive data is exposed or mishandled in an LLM workflow.

  • Containment: stop leakage paths and freeze changes
  • Identify scope: what data, who affected, where logged
  • Preserve evidence for audit and remediation
  • Communicate according to policy
  • Prevent recurrence: strengthen boundaries and redaction

FAQ

What’s the first response to a privacy incident?
Containment: stop the leak path, freeze changes, and preserve evidence.

How do we define scope?
Identify what data types, which users, and where it was stored or logged.

When do we notify stakeholders?
Follow policy and legal requirements; document decisions and timelines.

What evidence should be collected?
Logs, versions, prompts, retrieval sources, access paths, and remediation steps.

What’s the key prevention control?
Enforced data boundaries + PII redaction with tests and audits.
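
The scoping and evidence steps above can be run as one pass over LLM request logs. The sketch below is an added example, not part of the original runbook. It assumes a JSON-lines log with hypothetical fields `sink`, `user`, `version`, `prompt` and `retrieval_sources`, and uses illustrative regex detectors on constructed sample records.

```python
import hashlib
import json
import re

# Constructed sample records; the JSON-lines schema and field names are
# assumptions for this example, not a format defined by the runbook.
SAMPLE_LOG = """\
{"sink": "app-log", "user": "u-101", "version": "prompt-v7", "prompt": "Email jane.doe@example.com about renewal", "retrieval_sources": ["crm/contacts"]}
{"sink": "trace-store", "user": "u-102", "version": "prompt-v7", "prompt": "Summarise ticket 4412", "retrieval_sources": ["helpdesk/tickets"]}
{"sink": "trace-store", "user": "u-103", "version": "prompt-v8", "prompt": "Customer SSN is 123-45-6789, call 555-867-5309", "retrieval_sources": ["crm/contacts", "billing/notes"]}
"""

# Illustrative detectors only; substitute the redaction rules your policy defines.
DETECTORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}

def scope_incident(log_text):
    """Return (scope summary, evidence manifest) for JSON-lines request logs."""
    scope = {k: set() for k in ("data_types", "users", "sinks", "sources", "versions")}
    manifest = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        rec = json.loads(raw)
        hits = sorted(k for k, rx in DETECTORS.items() if rx.search(rec.get("prompt", "")))
        if not hits:
            continue
        scope["data_types"].update(hits)           # what data
        scope["users"].add(rec["user"])            # who is affected
        scope["sinks"].add(rec["sink"])            # where it was logged
        scope["sources"].update(rec.get("retrieval_sources", []))
        scope["versions"].add(rec["version"])
        redacted = rec["prompt"]
        for k in hits:
            redacted = DETECTORS[k].sub(f"[{k.upper()}]", redacted)
        # The hash ties this entry to the preserved original line without copying the PII.
        manifest.append({"line": lineno, "types": hits, "redacted_prompt": redacted,
                         "sha256": hashlib.sha256(raw.encode()).hexdigest()})
    return {k: sorted(v) for k, v in scope.items()}, manifest

if __name__ == "__main__":
    scope, manifest = scope_incident(SAMPLE_LOG)
    print(json.dumps({"scope": scope, "evidence": manifest}, indent=2))
```

The manifest can be shared with reviewers while the original log lines stay in restricted storage; the per-line hash lets an auditor confirm the two match.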