Which sequence should a PLM follow when faced with a data destruction incident affecting borrower data?

Handling borrower data destruction starts with stopping the damage. Containing the incident immediately prevents further data loss or exposure, which buys time to assess what happened and protect affected individuals. Once containment is achieved, notify the affected borrowers and relevant parties as required by privacy laws and policy so they can take protective steps and you meet legal and fiduciary obligations. After notification, work on recovering the data and restoring normal operations to resume business functions and maintain trust. Finally, review and strengthen security controls to prevent a similar incident in the future, closing any gaps that allowed the breach. Skipping containment or delaying notification can leave people more vulnerable or prolong exposure, and recovery or review without first stopping the incident would miss the chance to limit harm and ensure compliant, accountable action.