My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
9.2. SR 06-15-2015
ElkRiver
>
City Government
>
City Council
>
Council Agenda Packets
>
2011 - 2020
>
2015
>
06-15-2015
>
9.2. SR 06-15-2015
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/16/2015 8:46:26 AM
Creation date
6/11/2015 2:35:08 PM
Metadata
Fields
Template:
City Government
type
SR
date
6/15/2015
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
11
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Response to Suspected Breach <br />Upon the report of a suspected breach, the city administrator shall take any and all actions necessary <br />to secure the data and to protect the data from continued or repeated breach and shall conduct a <br />preliminary internal assessment of the scope of the breach. <br /> <br />If the breach is suspected on a city computing system that contains or has network access to Not <br />Public Data, the city administrator shall consult with city IT personnel and consider control measures, <br />including, but not limited to, removing the computer system from the city network. <br /> <br />Determination of Breach <br />The city administrator, in conjunction with the city attorney, shall determine whether a breach has <br />occurred. Due consideration should be given to the potential for damage to individuals if no breach <br />is determined and notice is not provided. Contact the League of Minnesota Cities (LMCIT) Claims <br />Department. LMCIT may provide a breach coach to assist with the handling of a data security <br />breach or cyber event. <br /> <br />Notice <br />If it is determined that a breach has occurred, the city administrator shall provide notice to all data <br />subjects affected by the breach. The city administrator, in conjunction with the city attorney, shall <br />determine whether notice is required to be provided and to whom such notice is to be provided. At <br />a minimum, individuals shall be notified if their private or confidential data was, or is reasonably <br />believed to have been, acquired by an unauthorized person. If specific individuals cannot be <br />identified, notice should be sent to groups of individuals likely to have been affected, such as all <br />whose information is stored in the database or files involved in the breach. Appropriate measures <br />should also be taken to prevent notice lists from being over-inclusive. The forms of notice to be <br />provided are attached. <br /> <br />1. Timing. Notice shall be provided to all affected data subjects without unreasonable delay, <br />subject to: <br />a) The legitimate needs of a law enforcement agency; and <br />b) any measures necessary to determine the scope of the breach and restore the <br />reasonable security of the data. <br /> <br />Immediate notification may be appropriate in the event of a breach that could have <br />immediate deleterious impact on individuals whose data may have been acquired by an <br />unauthorized person. <br /> <br />2. Content. The notice shall generally include the following information: <br />a) A general description of what happened, and when, to the extent known. <br />b) The nature of the individual’s private or confidential information that was involved <br />(not listing the specific private/confidential data). <br />c) Information about what the city has done to protect the individual’s <br />private/confidential information from further disclosure. <br />d) City assistance (such as website information or phone number of a city resource) for <br />further information about the incident.
The URL can be used to link to this page
Your browser does not support the video tag.