IR-8(1)—Incident Response Plan (1)
>Control Description
Include the following in the Incident Response Plan for breaches involving personally identifiable information:
a. A process to determine if notice to individuals or other organizations, including oversight organizations, is needed;
b. An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and
c. Identification of applicable privacy requirements.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.