Skip to end of metadata
Go to start of metadata

Version 2.1: May 2013

We also recommend reviewing the complementary Sensitive Data Exposure Incident Checklist

Purpose

To provide a toolkit with templates, tips, and examples that can be referred to during the process of notifying potential victims of data compromise.

Introduction

The resources provided here cover a range of issues that commonly arise in the heat of the moment when responding to data incidents. If your institution has a data incident, you will find these templates helpful on topics such as building a press release, drafting a notification letter to potential victims, creating a website with information about the specific incident, preparing for the handling of hotline calls and frequently asked questions, and constructing a website with tips on preventing and dealing with identity theft. In addition, a selection of other resources have been gathered for your easy reference: federal and state legal requirements; sample college and university policies, procedures, and plans; suggestions for determining the threshold for notification (whether or not to notify); general resources on identity theft; and real-life accounts from colleges and universities who have completed one or more incident notification processes.

If you have suggestions for additional content, or materials you would like to add, please contact security-council@educause.edu.

Notification Templates

These Data Incident Notification Templates provide sample materials for dealing with all aspects of a data incident.

Other Resources

Federal and State Legal Requirements

Note that there are currently no federal requirements, but several bills are in varying stages of approval in Congress, so stay tuned.

Sample University Policies, Procedures, and Plans

Thresholds for Notification (some suggestions)

Individual University Materials on Prevention and Responses to Actual Incidents

Sample University Resources on Identity Theft
University Responses to Real Data Security Incidents

Articles

California Office of Privacy Protection

Department of Education Resources

EDUCAUSE Information Security Guide

EDUCAUSE Resource Center Pages

Federal Trade Commission (FTC) Resources

Hearing Testimonies

Presentations

Sony PlayStation Breach


Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Labels:
data data Delete
incident incident Delete
notification notification Delete
toolkit toolkit Delete
press press Delete
release release Delete
letter letter Delete
website website Delete
template template Delete
faq faq Delete
identity identity Delete
theft theft Delete
educause educause Delete
heisc heisc Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.