Use when performing data loss incident response — data loss and data corruption incident response playbook covering immediate containment, impact assessment, recovery procedures from backups and replicas, data integrity verification, customer notification, and preventive measures. Guides teams through the critical decisions required when data is lost, corrupted, or inadvertently modified.
Data Type: {{ data_type }} Description: {{ incident_description }} System: {{ database_system }}
Before investigating, prevent further data loss:
| Severity | Criteria |
|---|---|
| SEV1 | Production data permanently lost, no backup, customer-facing |
| SEV1 | Active data corruption spreading to replicas/backups |
| SEV2 | Data lost but recoverable from backup within hours |
| SEV2 | Data corruption contained, not spreading |
| SEV3 | Non-critical data lost, minimal customer impact |
| SEV3 | Data recoverable from alternative sources |
| Question | Answer |
|---|---|
| Is this PII/sensitive data? | yes/no |
| Is this financial/transactional data? | yes/no |
| Is this user-generated content? | yes/no |
| Is this system configuration? | yes/no |
| Regulatory implications? | GDPR/HIPAA/PCI/none |
| Shortcut | Counter | Why |
|---|---|---|
| "We can skip some steps for this case" | Adapt the workflow steps, don't skip them | Skipped steps are where incidents and oversights originate |
| "The user seems to already know what to do" | Complete all workflow phases with the user | The workflow catches blind spots that experience alone misses |
| "This is a minor case, full process is overkill" | Scale the process down, don't turn it off | Minor cases become major when unstructured; the process scales, not disappears |
| "I'll fill in the details later" | Complete each section before moving on | Deferred details are forgotten; real-time capture is more accurate |
| "The template output isn't necessary" | Always produce the structured output format | Structured output enables comparison, audit trails, and handoff to other teams |