Data Breach Response Procedures

CONTACT IN THE EVENT OF A BREACH

Purpose

For Embry-Williams Technical Writing Certifications LLC. any breach of private information has the potential to result in losses to our members and subscribers. Security incidents could arise in a myriad of contexts relating to paper documents and electronically-stored and transmitted information such as theft, misuse of data, and computer- or technology- based violations. They may result in disclosure of personal information, diminished intellectual property, a tarnished reputation in the community, loss of trust among employees and students, reduction of economic resources and funding opportunities, the loss of employees’ time in responding and reacting to the breaches, and legal sanctions. Because of these potential harms, Embry-Williams Technical Writing Certifications LLC. places a high priority on the security of its information. It is Embry-Williams Technical Writing Certifications LLC.’s intention to investigate and respond appropriately to each information breach, depending upon the level of potential consequential harm, and legal obligations, related to each particular situation.

All individuals and management centers (e.g. offices, departments) within the Embry-Williams Technical Writing Certifications LLC. community are responsible for reporting information breaches and upholding our privacy policies and practices.

This document defines and describes the communication and response procedures in the event of a data breach. The overarching consideration is that all regulatory requirements and company policies be met.

Roles and Responsibilities regarding responding to information breaches

Embry-Williams Technical Writing Certifications LLC. Is responsible for developing and maintaining the system-wide incident response process for data breaches. Acts as a central and the first point of contact in the event of data breaches.

Responsible for notifying individuals affected by privacy-related breaches.

Embry-Williams Technical Writing Certifications LLC. Is responsible for conducting computer diagnostic support in computer- or technology-based breaches, providing expertise and advice regarding data security, and suggesting remedies to prevent future breach occurrences.

Embry-Williams Technical Writing Certifications LLC. Is responsible for providing legal advice during the investigation, including guidance on providing notifications as required by law (e.g. HIPAA, state law, etc.)

Marketing & Communications

Is responsible for providing the Embry-Williams Technical Writing Certifications LLC. leadership team with communication strategies with regard to affected parties and internal stakeholders. Also, responsible for communicating with the media after consultations with the Embry-Williams Technical Writing Certifications LLC. leadership.

Procedures [Flow of responsive actions]

  1. Embry-Williams Technical Writing Certifications LLC. personnel discover a possible breach of private information.
  2. Immediately, alleged breach is reported to Embry-Williams Technical Writing Certifications LLC. leadership. To report a breach, personnel should leadership at info@techwritingcerts.com.
  3. Embry-Williams Technical Writing Certifications LLC. leadership investigates the alleged breach event as quickly as possible.
    1. No Breach Found – If Embry-Williams Technical Writing Certifications LLC. leadership determines no actual breach of private information was made, the Embry-Williams Technical Writing Certifications LLC. leadership documents this determination and the process ends.
    2. Yes, Breach Found – If Embry-Williams Technical Writing Certifications LLC. leadership determines there was a breach of private information, leadership works with the affected office or department to contain the breach. Leadership assesses the extent and impact of event. May also bring in other offices (e.g. ITS Security if the alleged data breach involved electronic information).
      1. After containing the breach, leadership determines whether specific legal protections relate to the breached information and identify the relevant reporting obligations. leadership will work together to identify all laws that may impact Embry-Williams Technical Writing Certifications LLC.’s response, including but not limited to the following: Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Indiana state law, other federal laws such as the Federal Trade Commission Act and Gramm-Leach-Bliley Act, plus any relevant contractual obligations. leadership may consult other internal Embry-Williams Technical Writing Certifications LLC. offices as necessary.
      2. Leadership drafts standard notification letter to individuals affected by breach and sends letters per applicable legal requirements.
  • In addition to legally required notifications, leadership identifies whether other actions are required to remedy the effects of the breach (e.g. identify theft protection, notification to third parties, etc.) Leadership also identifies other institutional process deficiencies that must be addressed.
    1. If so, leadership works with affected groups to ensure their work processes are modified to avoid similar, future breaches. Also, leadership notifies Human Resources of any employment policy violations so that appropriate corrective action may be taken.
  1. A breach incident is closed when leadership drafts a Breach Report, an internal record which shall be considered a confidential company document. Leadership shall share the breach report, at its discretion, with parties that were involved in the incident, as well as any other appropriate parties. The breach report shall include at least all of the following items, to the extent the information is available:
    1. Date and time the breach was detected
    2. Physical location, system, and services involved in breach
    3. Department or office responsible for the system or service
    4. Type and scope of data which was compromised
    5. Brief overview of the vulnerability that contributed to the breach
    6. Potential impact to individuals and/or campus operations and resources
    7. Summary of response activities

Leadership collects each Breach Report and may use the report to fulfill legal reporting obligations to appropriate federal agencies. Additionally, appropriate offices shall maintain records for purposes of compliance with privacy-related laws.

For immediate assistance in case of a breach, you can contact us at info@techwritingcerts.com.