Privacy Incidents:

A Privacy Incident is any potential or actual compromise of personally identifiable information (PII) in a form that could be accessed by an unauthorized person. The Government has characterized privacy incidents to include the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.

Personally identifiable information refers to information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.
Examples of privacy incidents include:

- Hacker obtains information from 1836 Technologies laptops which includes Name, SSN, Date of Birth
- Lost or stolen thumb drive or portable hard drive of PII
- Shipper loses a package of employee applications
- Unauthorized access to personnel files
- File left on community printer with names, addresses and account numbers
- A file folder containing prospective employee resumes is missing
- Employee roster posted on 1836 Technologies portal, disclosing name, personal cell phone number, and home address
- E-mail containing salaries and raises transmitted from a 1836 Technologies e-mail account to a personal e-mail account
- Key logger gains access to a computer and its accounts
Note: 1836 Technologies personnel should identify whether the PII involved in the incident originated from 1836 Technologies or from a client. Continue normally through this guide if the information originated from 1836 Technologies. If the information originated from a client, notify the Privacy Division immediately for coordination and action with the client privacy personnel. This process will occur concurrently with the 1836 Technologies privacy incident response. DO NOT CONTACT THE CLIENT DIRECTLY.
This is the information we would want to capture on an Initial Privacy Incident Report:
The Initial Privacy Incident Report is used to report information initially gathered about a Privacy Incident. This form is found on the 1836 Technologies Privacy Incident Reporting Portal. Examples of information gathered in this report include:

- Name, Employee ID#, 1836 Technologies phone number, and 1836 Technologies email address of the 1836 Technologies personnel who discovered the incident (if they are willing to provide this information);
- Date and time of the incident;
- A general description of the incident and the PII that is involved (i.e., the category of PII that was compromised, but not the actual PII in the report).
  Important: Do not report the actual PII from the initial incident, because by doing so you will create another Privacy Incident.
- To whom it was disclosed, to the extent known;
- The risk of the PII being misused, expressed in terms of impact and likelihood;
- Security controls known to protect the information (e.g., password-protection, encryption);
- Steps that have already been taken to reduce the risk of harm; and
- Any additional steps that may be taken to mitigate the situation.

Is the incident suspected or confirmed? *

Date Incident Occurred

Date Incident Detected *

Location Incident Occurred

Does the incident involve Paper, Electronic Records, or both? *

Electronic Record Type(s), if applicable (Choose all that apply):
- CD/DVD
- Desktop computer
- Laptop computer
- E-mail
- Electronic file (other than e-mail)
- External hard drive
- Flash drive/thumb drive/USB key
- Other: ____________________

Paper Record Type(s), if applicable (Choose all that apply):
- Fax
- Mailing
- Printer/Scanner
- Other: _________
Was personally identifiable information involved in the incident? *
- Yes
- No

Was personally identifiable information exposed?
- Yes
- No

If yes, how was the personally identifiable information exposed?

Identify the type(s) of personally identifiable information (but not the actual information disclosed or lost):
- Name
- Date of Birth
- Mailing Address
- Telephone Number
- Social Security Number
- E-mail Address
- ZIP Code
- Financial Account Number
- Certificate/License Number
- Vehicle Identifiers
- Immigration Identification Numbers
- Biometric Identifiers
- IP Addresses/URLs
- Health or Medical Information
- Driver's License/Passport/State ID Number
- Employee Identification Number
What type of information was compromised?
- 1836 Technologies Internal Data
- Client Data
- Other

If Client Data, what Client and/or what contract?

Was the information password protected?
- Yes
- No
- Unknown

Was the information encrypted?
- Yes
- No
- Unknown

Describe the physical security measures:

Number of records affected (approximate if unsure)

Number of individuals affected (approximate if unsure)