Version 2.1: May 2013
We also recommend reviewing the complementary Sensitive Data Exposure Incident Checklist |
To provide a toolkit with templates, tips, and examples that can be referred to during the process of notifying potential victims of data compromise.
The resources provided here cover a range of issues that commonly arise in the heat of the moment when responding to data incidents. If your institution has a data incident, you will find these templates helpful on topics such as building a press release, drafting a notification letter to potential victims, creating a website with information about the specific incident, preparing for the handling of hotline calls and frequently asked questions, and constructing a website with tips on preventing and dealing with identity theft. In addition, a selection of other resources have been gathered for your easy reference: federal and state legal requirements; sample college and university policies, procedures, and plans; suggestions for determining the threshold for notification (whether or not to notify); general resources on identity theft; and real-life accounts from colleges and universities who have completed one or more incident notification processes.
If you have suggestions for additional content, or materials you would like to add, please contact security-council@educause.edu.
These Data Incident Notification Templates provide sample materials for dealing with all aspects of a data incident.
Note that there are currently no federal requirements, but several bills are in varying stages of approval in Congress, so stay tuned.
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).