Breach Notification
Breach notification is the legally or policy-mandated process of informing affected individuals, oversight authorities, and other stakeholders when personal or sensitive information is exposed, accessed, or disclosed without authorization.
Breach notification is the obligation to disclose a confidentiality incident once records containing personal, sensitive, or otherwise protected information are believed to have been compromised. It typically requires notifying the affected individuals, and often a regulator or oversight body, within a defined timeframe and with prescribed content, such as what happened, what information was involved, and what remedial steps are being taken.
In recordkeeping this matters because records are where the protected data actually lives. Sound retention and disposition practices reduce breach exposure by limiting how much sensitive information an organization holds and for how long; data kept past its retention period becomes liability with no business value. Accurate metadata and classification let responders quickly scope which records, and which people, a breach touched.
Distinguish notification from the incident itself: a security event becomes a notifiable breach only when it crosses a defined harm or sensitivity threshold. For example, losing an encrypted device may not trigger notice, while exposing an unencrypted file of names and identifiers usually does.