What should I do if I have a suspected security breach?
You are legally required to report security breaches and notify the individuals involved if the breach disclosed or exposed a Social Security number (SSN), or any of the following in combination with a first name/initial and a last name:
- Credit card, debit card, or any other financial account numbers
- Access or security codes, or any passwords
- Driver's license or state identification card numbers
You can find detailed steps for reporting a suspected breach at http://informationpolicy.iu.edu/ir.
Notification to affected individuals usually comes from the unit associated with the breach, but be sure to coordinate with the IIA incident response team. They will make sure the appropriate forensic steps have taken place and the appropriate notification procedure is followed.
More information
The breach notification law is available at http://www.in.gov/legislative/ic/code/title4/ar1/ch11.html.
For information about protecting sensitive data and data protection laws, see http://informationpolicy.iu.edu/resources/safedata.
Feel free to contact us if you would like more information.
