The IT Law Wiki

External Breach Notification Policy and Plan

Citation

U.S. Department of Education, External Breach Notification Policy and Plan (Departmental Directive OM:6-107) (2008) (full-text).

Overview

This Directive establishes an external breach notification policy and plan for the U.S. Department of Education (ED). Based on this Directive, ED shall promptly and effectively determine whether or not to notify affected parties outside ED of a suspected or actual breach of personally identifiable information (PII) that ED maintains or processes. This policy applies to all PII maintained, collected, used, or disseminated by ED in any format. This plan also details the related procedures by which affected parties will be notified should such an event occur.

When a data breach involving PII occurs, ED will conduct a risk analysis. Based on this risk analysis, ED will determine whether to notify individuals whose PII may have been involved in the breach and what steps, if any, ED will take to mitigate actual or potential harm.
