Breach Notification Procedures

Personal Non-Public Information Policy

Protecting Personal Non-Public Information

Responsible Computing
A Manual For Staff

Computer Security at UD

IT Help Center

UD Home

What are the department's responsibilities?

Whenever possible, personal non-public information, including Social Security and credit card numbers, should not be stored on unit-administered computers. University departments are responsible for the security of information in their possession, and must be vigilant in safeguarding it. For more information see Protecting Personal Non-Public Information.

When a University department becomes aware of a breach of the security of any of its computer systems that contain unencrypted high risk personal non-public information it must:

1. advise Information Technologies-System Security and Access (secadmin@udel.edu) and the Dean or Vice President to which the department reports. If a computer has been stolen, Public Safety must also be notified;
2. notify affected individuals whose highly sensitive personal information is at risk. The department will work with its Dean's or Vice President's office and the Office of Public Relations to provide notification. Notices must be given in writing by US Mail. The final text that is used in any breach notification must be reviewed by the Office of Public Relations.
3. advise Information Technologies-System Security and Access when notification is complete.

What should notices include?

Back to Breach Notification Procedures

Questions / comments?
Copyright © 2005, University of Delaware