During an end-of-month audit, a junior data analyst notices that several sensitive personal records in the customer database have been altered without an approved change request or service ticket. The analyst confirms the unauthorized modification is still present and could indicate a broader breach. According to standard incident-response and data-governance procedures, which action should the analyst take next to make sure the proper authority is informed?
Deactivate user access to prevent further unauthorized changes and restore affected records
Log the discovered event in the departmental chat for discussion
Submit an official alert to the designated team responsible for data incidents
Immediately check with a supervisor before notifying any other management groups
Notifying the formally designated incident-response or data-incident team initiates the documented escalation workflow that ensures the breach is evaluated, contained, and reported to regulators or executives as required. Informal chat messages are easily missed or cannot be audited. Seeking a supervisor before any official notification can delay time-sensitive reporting deadlines. Taking technical containment or restoration steps before escalation can compromise forensic evidence and violate organizational response policy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Who typically belongs to the designated team responsible for data incidents?
Open an interactive chat with Bash
Why is it important to involve the designated team before taking individual actions like deactivating user access?
Open an interactive chat with Bash
What kind of information should be included in an official alert about a data incident?