The IT Law Wiki

Privacy: Lessons Learned about Data Breach Notification


Citation

Government Accountability Office, Privacy: Lessons Learned about Data Breach Notification (GAO-07-657) (Apr. 30, 2007) (full-text).

Overview

The GAO investigated a May 2006 data breach at the Department of Veterans Affairs (VA) and other similar incidents. The GAO identified the following lessons learned regarding how and when to notify government officials, affected individuals, and the public: (1) rapid internal notification of key government officials is critical; (2) because incidents vary, a core group of senior officials should be designated to make decisions regarding an agency's response; (3) mechanisms must be in place to obtain contact information for affected individuals; (4) determining when to offer credit monitoring to affected individuals requires risk-based management decisions; (5) interaction with the public requires careful coordination and can be resource-intensive; (6) internal training and awareness are critical to timely breach response, including notification; and (7) contractor responsibilities for data breaches should be clearly defined.
