0130.005.10.65 – Incident Response

IM-100, June 26, 2020

Staff must immediately report an unauthorized inspection or disclosure of confidential information via system or hardcopy, including breaches and security incidents, to the applicable incident response contact.

System breaches are generally detected and reported by the Information Technology Services Division.

Examples of hardcopy breaches, whether intentional or accidental, include, but are not limited to:

    • Disclosing information to a relative, friend or other party without the individual’s consent;
    • Sending documents with confidential information to the wrong individual;
    • Including the wrong individual’s information on documents, or
    • Leaving confidential information unattended where access by unauthorized individuals may occur.

Incident Response for Unauthorized Disclosure of Confidential Information

The DSS Privacy Officer and the FSD Privacy Officer will work together to resolve the issue and provide direction to the office manager