Data incidents happen. A pipelinepipelineAll active sales opportunities across the stages of the sales process, together with their combined potential value and probability of closing.View full definition → fails silently for six days and corrupts a financial report. A data breach exposes customer records. A model produces discriminatory outputs that reachreachThe number of unique people exposed to your message in a given period. Unlike impressions, reach counts each person once, no matter how often they see it.View full definition → the press. A regulatory audit uncovers a gap in data retention practices.
How the CDO responds to these incidents determines their long-term credibility more than any success story.
Not all data incidents are equal. A clear taxonomy helps triage and respond appropriately:
Data quality incident: Data is inaccurate, incomplete, or inconsistent. Example: revenue figures in the board report are wrong because a pipelinepipelineAll active sales opportunities across the stages of the sales process, together with their combined potential value and probability of closing.View full definition → silently failed. Impact: wrong decisions, loss of executive trust in data.
Data availability incident: Data is unavailable when needed. A warehouse outage during a quarterly close. Impact: operational disruption, delayed decisions.
Data security incident: Unauthorized access or exposure of sensitive data. Example: a misconfigured S3 bucket exposes customer PII. Impact: regulatory fines (GDPR can reachreachThe number of unique people exposed to your message in a given period. Unlike impressions, reach counts each person once, no matter how often they see it.View full definition → 4% of global annual revenue), reputational damage, customer trust loss.
Data governance incident: A process violation that creates regulatory risk. Example: data retained beyond its permitted period under GDPR. Impact: regulatory exposure, audit findings.
AI/model incident: A model produces harmful, discriminatory, or significantly incorrect outputs. Example: a pricing model that charges protected groups differently. Impact: legal liability, reputational damage, regulatory action.
Knowledge check
1. According to the lesson, what is the maximum GDPR fine that can result from a data security incident?
2. In the lesson's taxonomy, how is a 'data governance incident' defined?
3. The lesson states that if a CDO learns about a data quality incident from a business user, this signals what?
4. Select ALL the incident categories explicitly defined in the lesson's data incident taxonomy:
Sélectionnez toutes les réponses correctes.
5. Select ALL questions that the lesson identifies as part of the triage step in incident response:
Sélectionnez toutes les réponses correctes.
Every data organization needs a documented incident response playbook before incidents happen, not after.
Detection: How do you find out about incidents? Monitoring and alerting systems (data observability tools, security monitoring) should detect most incidents before users report them. A CDO who learns about a data qualitydata qualityThe degree to which data is fit for purpose: accurate, complete, consistent, timely, valid and unique. Poor quality data undermines analytics, reporting and AI.View full definition → incident from a business user has a monitoring gap.
Triage: What is the severity? Who is affected? Is sensitive data involved? Is there a regulatory reporting obligation? The triage framework determines the urgency and escalation path.
Containment: Stop the bleeding. If a pipelinepipelineAll active sales opportunities across the stages of the sales process, together with their combined potential value and probability of closing.View full definition → is producing bad data, pause it. If a security breach is ongoing, isolate the affected system. Speed matters, every minute of delay compounds the impact.
Investigation: Understand root cause. Not to assign blame, but to prevent recurrence. Who, what, when, why, how.
Remediation: Fix the immediate problem and the data it corrupted. This is often the most complex part, correcting data that has propagated through multiple downstream systems.
Communication: Who needs to know? Internal stakeholders (executives, affected teams), external stakeholders (regulators, customers), and when. Regulatory reporting deadlines (72 hours for GDPR security breaches) are non-negotiable.
Post-mortem: Within 2 weeks of resolution, a blameless post-mortem documents: what happened, what the root cause was, what was done to remediate, and what process changes prevent recurrence.
When an incident becomes public, a data breach reported in the press, an AI bias incident, the CDO's communication defines the organizational response:
Be first, be factual, be accountable: Organizations that communicate early (even with limited information) and take accountability fare better than those that communicate late, defensively, or inaccurately.
Don't speculate: "We don't yet know the full scope, but here's what we know: [facts]" is better than a confident assessment that turns out to be wrong.
Show the response: "Here's what we're doing" is more reassuring than "here's how bad it is." Stakeholders need to believe the problem is being managed.
Regulatory communication: GDPR requires notifying supervisory authorities within 72 hours of a personal data breach. Most CDOs have never done this. Rehearse the process before an incident.
The best incident response is prevention. Operational excellence in the data function:
Monitoring and alerting: Data observability tools that alert before users notice. Data freshness alerts, volume anomalies, schemaschemaA schema is the formal blueprint that defines how data is structured, named, typed, and related within a database, file, or message.View full definition → change detection.
Runbooks: Documented procedures for common failures. When an on-call engineer is paged at 2am, they need a runbook, not a problem to solve from scratch.
Disaster recovery: Tested recovery procedures for major platform failures. "We have backups" is not a recovery plan. "We ran a disaster recovery test last quarter with a documented RTO of 4 hours" is.
Tabletop exercises: Structured simulations of major incidents (data breach, major pipelinepipelineAll active sales opportunities across the stages of the sales process, together with their combined potential value and probability of closing.View full definition → failure, AI incident) with the executive team and response team. The first time you run the playbook should not be during an actual incident.
1. Quel type d'incident data déclenche une obligation de notification réglementaire dans les 72 heures sous RGPD ?
A) Un incident de qualité des données dans un rapport interne
B) Une violation de données sécuritaires exposant des données personnelles de clients
C) Une indisponibilité du data warehousedata warehouseA central repository that consolidates data from many source systems into a structured, query-optimized store designed for analytics, reporting, and business intelligence.View full definition → pendant une clôture comptable
D) Un modèle IA qui produit des résultats légèrement imprécis
Réponse: B
2. Dans la séquence de réponse à un incident data, quelle étape est souvent négligée mais critique pour la prévention des récidives ?
A) La détection
B) Le confinement
C) Le post-mortem blameless dans les 2 semaines suivant la résolution, documentant cause racine, remédiation et changements de process
D) La communication externe
Réponse: C
3. Pourquoi les organisations qui communiquent tôt lors d'un incident public s'en sortent-elles mieux que celles qui communiquent tard ?
A) Parce qu'elles ont plus d'informations disponibles tôt
B) Parce que la communication précoce (même avec information limitée) et la prise de responsabilité crcrThe percentage of visitors or prospects who complete a desired action (purchase, sign-up, contact form), calculated as conversions divided by total opportunities.View full definition →éent plus de confiance que la communication tardive ou défensive
C) Parce que les régulateurs sont plus indulgents avec elles
D) Parce qu'elles évitent les questions difficiles
Réponse: B