California Department of Justice
EXHIBIT E
BREACH RESPONSE
Memorandum of Understanding
Exhibit E, Breach Response

1. Discovery of Breach: Agency shall notify DOJ immediately by telephone call and email upon the discovery of any breach of security of any systems and/or files containing classified criminal justice data (in whatever form, paper or electronic) if the data involved was, or is reasonably believed to have been acquired by an unauthorized person, or there is an intrusion, potential loss, actual loss, or unauthorized use or disclosure of the data in violation of this MOU, this provision, or applicable state or federal law.

Notification shall be provided to the DOJ Program and Technical Manager, the DOJ Information Security Officer and the DOJ Chief Information Officer. DOJ shall take:
   Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment and
   Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations.

2. Investigation of Breach. Agency shall immediately investigate such security incident, breach, or unauthorized use or disclosure of criminal justice data or any other confidential data. Within 24 hours of the discovery, Agency shall notify the DOJ Program and Technical Manager, the DOJ Information Security Officer and the DOJ Chief Information Officer of:
   I. The data elements involved and the extent of the data involved in the breach,
   II. A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed confidential data,
   III. A description of where the confidential data is believed to have been improperly transmitted, sent, or utilized,
   IV. A description of the probable causes of the improper use or disclosure; and
   V. Whether Civil Code sections 1798.29 or 1798.82 or any other federal or state laws requiring individual notifications of breaches are triggered.
   VI. Full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the Incident and/or Breach.

3. Written Report. Agency shall provide a written report of the investigation to the DOJ Program and Technical Manager, the DOJ Information Security Office and the DOJ Chief Information Officer within forty-eight (48) hours of the discovery of the breach or unauthorized use or disclosure. The report shall include, but not be limited to, the information specified above, as well as a full, detailed corrective action plan, including