A security incident is different from a data breach. The term breach is normally associated with an unauthorized disclosure of unprotected PII or PHI. Until a breach condition has been declared, the appropriate term to use is security incident.

If a breach condition is declared and there is a possibility it contains PII or PHI, then your Breach Notification Policy will need to be incorporated into the response.

Security Incident vs Breach.