SE-02-727 Privacy Incident Response

Privacy Incident Response

Control ID

SE-02-727

Control Name

Privacy Incident Response

Control Category

Security

Functional Areas

Respond

Sub-Areas

Privacy Incident Response

NIST Baseline Level(s)

NOT SELECTED

NIST Priority

State Implementation Required

Agency Last Implemented Date

Risk Statement

Lack of a Privacy Incident Response program may result in improper identification and handling of privacy events.

Control Description

The organization: a. Develops and implements a Privacy Incident Response Plan; and b. Provides an organized and effective response to privacy incidents in accordance with the organizational Privacy Incident Response Plan.

Control Example

A written, documented privacy incident response plan is in place.

State Implementation

No statewide control

Testing Procedures

Obtain data privacy policy and procedures; other relevant documents or records and ascertain if: (I) the organization develops and implements a Privacy Incident Response Plan; and (ii) the organization provides an organized and effective response to privacy incidents in accordance with the organizational Privacy Incident Response Plan.