Educause Security Discussion mailing list archives
FW: Sample Notification Letter to Affected Parties related to IT Data Breaches
From: "Childe, Kerry" <kerry.childe () TGSLC ORG>
Date: Thu, 3 Jan 2013 08:48:47 -0600
It's also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel's office regarding whether your letter meets those requirements. Kerry L. Childe, CIPP/US Senior Privacy and Regulatory Counsel TG P.O. Box 83100 Round Rock, Texas 78683-3100 512.219.2921 800.252.9743 x 2921 kerry.childe () tgslc org<mailto:kerry.childe () tgslc org> ACC IT, Privacy, and eCommerce Committee Vice Chair From: Cathy Hubbs [mailto:hubbs () AMERICAN EDU] Sent: Wednesday, January 02, 2013 12:47 PM Subject: Re: Sample Notification Letter to Affected Parties related to IT Data Breaches Carlos, The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit Section 2 discusses constructing a Data Notification letter and includes links to several University's samples. Best wishes, Cathy Cathy Hubbs Chief Information Security Officer Office of Information Technology American University From: Carlos Lobato <clobato () NMSU EDU> To: SECURITY () LISTSERV EDUCAUSE EDU, Date: 01/02/2013 01:39 PM Subject: [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> ________________________________ All, We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties. If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us. Thanks in advance, Carlos Carlos S. Lobato, CISA, CIA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003 Phone (575) 646-5902 Fax (575) 646-5278
Current thread:
- Sample Notification Letter to Affected Parties related to IT Data Breaches Carlos Lobato (Jan 02)
- Re: Sample Notification Letter to Affected Parties related to IT Data Breaches Cathy Hubbs (Jan 02)
- <Possible follow-ups>
- FW: Sample Notification Letter to Affected Parties related to IT Data Breaches Childe, Kerry (Jan 03)
- Re: Sample Notification Letter to Affected Parties related to IT Data Breaches Berman, Mark (Jan 03)