Main Nav

Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

Comments

Carlos,


You should check with your state Attorney General's office. When I worked in Massachusetts there was specific language that was required under state law. Now, Massachusetts has one of the strictest laws nationally on data breach, but New Mexico might have something to say also!  :)

 

 - Mark

--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.



-------- Carlos Lobato said:

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several University's samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



All,
 
We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.
 
Thanks in advance,
 
Carlos
 
Carlos S. Lobato, CISA, CIA
IT Compliance Officer
 
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003
 
Phone (575) 646-5902
Fax (575) 646-5278

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several University's samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



All,
 
We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.
 
Thanks in advance,
 
Carlos
 
Carlos S. Lobato, CISA, CIA
IT Compliance Officer
 
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003
 
Phone (575) 646-5902
Fax (575) 646-5278
Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

Carlos,


You should check with your state Attorney General's office. When I worked in Massachusetts there was specific language that was required under state law. Now, Massachusetts has one of the strictest laws nationally on data breach, but New Mexico might have something to say also!  :)

 

 - Mark

--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.



-------- Carlos Lobato said:

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several University's samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



All,
 
We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.
 
Thanks in advance,
 
Carlos
 
Carlos S. Lobato, CISA, CIA
IT Compliance Officer
 
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003
 
Phone (575) 646-5902
Fax (575) 646-5278
Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

Carlos,


You should check with your state Attorney General's office. When I worked in Massachusetts there was specific language that was required under state law. Now, Massachusetts has one of the strictest laws nationally on data breach, but New Mexico might have something to say also!  :)

 

 - Mark

--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.



-------- Carlos Lobato said:

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several University's samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



All,
 
We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.
 
Thanks in advance,
 
Carlos
 
Carlos S. Lobato, CISA, CIA
IT Compliance Officer
 
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003
 
Phone (575) 646-5902
Fax (575) 646-5278
Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

Carlos,


You should check with your state Attorney General's office. When I worked in Massachusetts there was specific language that was required under state law. Now, Massachusetts has one of the strictest laws nationally on data breach, but New Mexico might have something to say also!  :)

 

 - Mark

--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.



-------- Carlos Lobato said:

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several University's samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



All,
 
We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.
 
Thanks in advance,
 
Carlos
 
Carlos S. Lobato, CISA, CIA
IT Compliance Officer
 
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003
 
Phone (575) 646-5902
Fax (575) 646-5278
Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

Carlos,


You should check with your state Attorney General's office. When I worked in Massachusetts there was specific language that was required under state law. Now, Massachusetts has one of the strictest laws nationally on data breach, but New Mexico might have something to say also!  :)

 

 - Mark

--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.



-------- Carlos Lobato said:

All,

 

We are in the process of establishing a policy, plan and procedures related to computer security incidents and data breaches and as part of our procedures we would like to include a sample notification letter to affected parties.  If your institution has a sample letter that you have sent in the past to affected parties and consider it a best practice we would appreciate it if you would share a copy of said sample letter with us.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.