>myctrl.tools
GitHub

IR-8(1)Breaches

PRIVACY

>Control Description

Include the following in the Incident Response Plan for breaches involving personally identifiable information: a. A process to determine if notice to individuals or other organizations, including oversight organizations, is needed; b. An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and c. Identification of applicable privacy requirements.

>Supplemental Guidance

Organizations may be required by law, regulation, or policy to follow specific procedures relating to breaches, including notice to individuals, affected organizations, and oversight bodies; standards of harm; and mitigation or other specific requirements.

>Related Controls

PT-1
PT-2
PT-3
PT-4
PT-5
PT-7