The IT Law Wiki

External Breach Notification Policy and Plan


Citation

U.S. Department of Education, External Breach Notification Policy and Plan (Departmental Directive OM:6-107) (2008) (full-text).

Overview

This Directive establishes an external breach notification policy and plan for the U.S. Department of Education (ED). Based on this Directive, ED shall promptly and effectively determine whether or not to notify affected parties outside ED of a suspected or actual breach of personally identifiable information (PII) that ED maintains or processes. This policy applies to all PII maintained, collected, used, or disseminated by ED in any format. This plan also details the related procedures by which affected parties will be notified should such an event occur.

When a data breach involving PII occurs, ED will conduct a risk analysis. Based on this risk analysis, ED will determine whether to notify individuals whose PII may have been involved in the breach and what steps, if any, ED will take to mitigate actual or potential harm.
