0130.005.00 Confidentiality

0130.005.10.65 Incident Response

IM-100 June 26, 2020

Staff must immediately report an unauthorized inspection or disclosure of confidential information via system or hardcopy, including breaches and security incidents, to the applicable incident response contact.

System breaches are generally detected and reported by the Information Technology Services Division.

Examples of hardcopy breaches, whether intentional or accidental, include, but are not limited to:

  • Disclosing information to a relative, friend or other party without the individual’s consent
  • Sending documents with confidential information to the wrong individual
  • Including the wrong individual’s information on documents
  • Leaving confidential information unattended where access by unauthorized individuals may occur

Incident Response for Unauthorized Disclosure of Confidential Information

Staff must immediately report, within no more than one hour after discovery, an unauthorized inspection or disclosure via system or hardcopy, including breaches and security incidents, of confidential information to the FSD Privacy Officer or his/her designee. Staff will document the incident by preparing and submitting an Information Disclosure Incident Report (Ref: Department of Social Services Administrative Manual, ADM–5–103, Exhibit 5).

The DSS Privacy Officer and the FSD Privacy Officer will work together to resolve the issue and provide direction to the office manager.