When a data breach incident has occurred, the first priority is to determine how to contain the breach. Containment means stopping or minimizing the further loss or unauthorized disclosure of personal data, as well as preserving evidence for investigation and remediation. Containment may involve isolating affected systems, devices, or networks; changing access credentials; blocking malicious IP addresses; or notifying relevant parties such as law enforcement or security experts. After containing the breach, the next steps are to assess the impact and severity of the breach, notify the affected individuals and authorities if required, evaluate the causes and risks of the breach, and implement measures to prevent future breaches1, 2. References: CIPM - International Association of Privacy Professionals, Free CIPM Study Guide - International Association of Privacy Professionals