Correct PII Breach Procedures
Published, May 6, 2013
Do you know what to do if you suspect there's been a compromise of personally identifiable information?
Your first step would be to report the suspected breach to your supervisor or privacy official. If it's agreed that a breach may have occurred, the supervisor or privacy official will submit an initial breach report using SECNAV 5211/1. The form is designed to send the report to all the appropriate recipients including the DON CIO privacy team. The privacy team will review the report and determine whether notifications to the affected individuals are required. If so, the privacy team will direct the submitter to provide written notification to the individuals within 10 days of breach discovery. Once notifications have been made, the submitter closes the breach by submission of an After Action Report using SECNAV 5211/2.
For additional information and breach reporting resources, including a sample breach notification letter, go to DON CIO PII Breach Reporting Resources.
View more Fast Facts.