Include the following in the Incident Response Plan for breaches involving personally identifiable information: (a) A process to determine if notice to individuals or other organizations, including oversight organizations, is needed; (b) An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and (c) Identification of applicable privacy requirements.
ID | Name | Description | D3FEND |
ID | Description |
Requirement | Rationale/Additional Guidance/Notes |
---|
ID | Name | Description |
---|