1) Organizations should plan their breach response before a breach occurs to address legal, business, and technology differences. 2) An effective breach response plan should define what constitutes a breach, determine who has authority to declare one, and outline the response process. 3) The plan should address legal notification requirements, forensic investigation procedures, data governance policies, and relationship building with law enforcement.