My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
4.5. SR 07-06-2015
ElkRiver
>
City Government
>
City Council
>
Council Agenda Packets
>
2011 - 2020
>
2015
>
07-06-2015
>
4.5. SR 07-06-2015
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/1/2015 11:02:11 AM
Creation date
7/1/2015 10:56:08 AM
Metadata
Fields
Template:
City Government
type
SR
date
7/6/2015
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
12
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Response to Suspected Breach <br /> Upon the report of a suspected breach, the city administrator shall take any and all actions necessary <br /> to secure the data and to protect the data from continued or repeated breach and shall conduct a <br /> preliminary internal assessment of the scope of the breach. <br /> If the breach is suspected on a city computing system that contains or has network access to Not <br /> Public Data, the city administrator shall consult with city IT personnel and consider control measures, <br /> including, but not limited to, removing the computer system from the city network. <br /> Determination of Breach <br /> The city administrator,in conjunction with the city attorney, shall determine whether a breach has <br /> occurred. Due consideration should be given to the potential for damage to individuals if no breach <br /> is determined and notice is not provided. Contact the League of Minnesota Cities (LMCIT) Claims <br /> Department. LMCIT may provide a breach coach to assist with the handling of a data security <br /> breach or cyber event. <br /> Notice <br /> If it is determined that a breach has occurred, the city administrator shall provide notice to all data <br /> subjects affected by the breach. The city administrator,in conjunction with the city attorney, shall <br /> determine whether notice is required to be provided and to whom such notice is to be provided. At <br /> a minimum,individuals shall be notified if their private or confidential data was, or is reasonably <br /> believed to have been, acquired by an unauthorized person. If specific individuals cannot be <br /> identified, notice should be sent to groups of individuals likely to have been affected, such as all <br /> whose information is stored in the database or files involved in the breach. Appropriate measures <br /> should also be taken to prevent notice lists from being over-inclusive. The forms of notice to be <br /> provided are attached. <br /> 1. Timing. Notice shall be provided to all affected data subjects without unreasonable delay, <br /> subject to: <br /> a) The legitimate needs of a law enforcement agency; and <br /> b) any measures necessary to determine the scope of the breach and restore the <br /> reasonable security of the data. <br /> Immediate notification may be appropriate in the event of a breach that could have <br /> immediate deleterious impact on individuals whose data may have been acquired by an <br /> unauthorized person. <br /> 2. Content. The notice shall generally include the following information: <br /> a) A general description of what happened, and when, to the extent known. <br /> b) The nature of the individual's private or confidential information that was involved <br /> (not listing the specific private/confidential data). <br /> c) Information about what the city has done to protect the individual's <br /> private/confidential information from further disclosure. <br /> d) City assistance (such as website information or phone number of a city resource) for <br /> further information about the incident. <br />
The URL can be used to link to this page
Your browser does not support the video tag.