The Department of Homeland Security has crafted a set of guidelines on how government agencies can notify affected individuals in the event of a cyber breach, Federal News Radio reported Monday.
Nicole Ogrysko writes that the DHS Data Privacy and Integrity Advisory Committee approved a final draft of the guidance during a committee meeting held Feb. 21.
The guide suggests methods for notifying cyber breach victims, preparing and sending notices, avoiding “over-notifying” and providing additional assistance for affected personnel, Ogrysko reported.
DPIAC calls on organizations to conduct a risk analysis before notifying cyber breach victims, in order to determine the nature and sensitivity of the compromised data, and to provide prompt notification with accurate information.
The committee said agencies should deliver notification letters through first-class mail to help reach intended recipients.
The panel also recommended that organizations write only the basic details of the incident in plain language; establish a call center with staff that can handle specific questions in multiple languages; and set up a website when more information becomes available.