SE-02-727 Privacy Incident Response

Privacy Incident Response

SE-02-727
Privacy Incident Response
Security
Respond
Privacy Incident Response
NOT SELECTED
NA
No
Lack of a Privacy Incident Response program may result in improper identification and handling of privacy events.
The organization: a. Develops and implements a Privacy Incident Response Plan; and b. Provides an organized and effective response to privacy incidents in accordance with the organizational Privacy Incident Response Plan.
A written, documented privacy incident response plan is in place.
No statewide control
Obtain data privacy policy and procedures; other relevant documents or records and ascertain if: (I) the organization develops and implements a Privacy Incident Response Plan; and (ii) the organization provides an organized and effective response to privacy incidents in accordance with the organizational Privacy Incident Response Plan.