This policy defines the circumstances under which the Library shall provide notice regarding a breach in security of sensitive information. This policy applies to information safeguarded by ABC Public Library. Suspected or confirmed information security breaches must be reported immediately to the Library Director. A breach is defined as unauthorized access of library information. The Library will investigate all reports of security breaches of private and/or otherwise sensitive information. Based on the results of the Library's investigation, internal and/or external parties may be notified, as necessary and appropriate. Upon notification of a suspected information security breach, the Library will:
Report the breach to the appropriate officials
Block, mitigate, or de-escalate the breach, if possible.
Implement processes and procedures to prevent similar breaches from occurring in the future.
Internal Notification. The person/department discovering the breach will report it to the Library Director, and will work with him/her to establish an appropriate response strategy. If the Library's investigation determines that criminal activity has taken place, the Director will notify the Board of Trustees. External Notification. The Library Director will determine if external notification will be required. External notification is required if any of the following conditions are met:
Access has been gained to sensitive information
A physical device that contains sensitive information has been lost or stolen
There is evidence that sensitive information has been copied or removed from a physical device containing sensitive information
External notifications will go to anyone affected by the breach, or whose data may have been compromised, as well as to government officials, as required by law.
