Re: Sample Notification Letter to Affected Parties related to IT Data Breaches

["Berman, Mark" <mberman () SIENA EDU>]

Carlos,


You should check with your state Attorney General's office. When I worked
in Massachusetts there was specific language that was required under state
law. Now, Massachusetts has one of the strictest laws nationally on data
breach, but New Mexico might have something to say also!  :)



 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
*Siena College is a learning community advancing the ideals of a liberal
arts education, rooted in its identity as a Franciscan and Catholic
institution.
*
*CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy
all copies of the original message.*



-------- Carlos Lobato said:

All,



We are in the process of establishing a policy, plan and procedures related
to *computer security incidents and data breaches* and as part of our
procedures we would like to include a sample notification letter to
affected parties.  If your institution has a sample letter that you have
sent in the past to affected parties and consider it a best practice we
would appreciate it if you would share a copy of said sample letter with us.



Thanks in advance,



Carlos



*Carlos S. Lobato, CISA, CIA*

*IT Compliance Officer*

**

*New Mexico State University*

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003



Phone (575) 646-5902

Fax (575) 646-5278