Monday, January 21, 2008

US Department of Commerce privacy incident response plan

Sabrina Pacifici has posted on her (fantastic) blog, beSpacific, a link to the privacy breach response plan put together by the US Department of Commerce: Department of Commerce Breach Notification Response Plan, September 28, 2007 (21 pages, PDF). This, in and of itself, is not particularly newsworthy but it's worth taking a look at as a precedent document in formulating such policies.

The document includes the Department's matrix for determining whether notification is required:

No comments: