My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
DEPARTMENT OF JUSTICE (DOJ)
Clerk
>
Contracts / Agreements
>
D
>
DEPARTMENT OF JUSTICE (DOJ)
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/12/2024 3:21:54 PM
Creation date
6/5/2024 12:23:22 PM
Metadata
Fields
Template:
Contracts
Company Name
DEPARTMENT OF JUSTICE (DOJ)
Contract #
N-2024-189
Agency
Information Technology
Expiration Date
12/21/2024
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
20
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Department of Justice (DOJ) <br />Breach Response <br />EXHIBIT E <br />BREACH RESPONSE <br />1. Discovery of Breach: <br />(Contract Number) <br />Exhibit E <br />Agency shall notify DOJ immediately by telephone call and email upon the discovery of any <br />breach of security of any systems and/or files containing classified criminal justice data (in <br />whatever form, paper or electronic) if the data involved was, or is reasonably believed to have <br />been acquired by an unauthorized person, or there is an intrusion, potential loss, actual loss, or <br />unauthorized use or disclosure of the data in violation of this contract, this provision, or applicable <br />state or federal law. <br />Notification shall be provided to the DOJ Program and Technical Manager, the DOJ Information <br />Security Officer and the DOJ Chief Information Officer. DOJ shall take: <br />Prompt corrective action to mitigate any risks or damages involved with the breach and to <br />protect the operating environment and <br />II. Any action pertaining to such unauthorized disclosure required by applicable Federal and <br />State laws and regulations. <br />2. Investigation of Breach: <br />Agency shall immediately investigate such security incident, breach, or unauthorized use or <br />disclosure of criminal justice data or any other confidential data. Within 24 hours of the discovery, <br />Agency shall notify the DOJ Program and Technical Manager, the DOJ Information Security <br />Officer and the DOJ Chief Information Officer of: <br />I. The data elements involved and the extent of the data involved in the breach, <br />II. A description of the unauthorized persons known or reasonably believed to have <br />improperly used or disclosed confidential data, <br />III. A description of where the confidential data is believed to have been improperly <br />transmitted, sent, or utilized, <br />IV. A description of the probable causes of the improper use or disclosure; and <br />V. Whether Civil Code sections 1798.29 or 1798.82 or any other federal or state laws <br />requiring individual notifications of breaches are triggered. <br />VI. Full, detailed corrective action plan, including information on measures that were taken to <br />halt and/or contain the Incident and/or Breach. <br />3. Written Report: <br />Agency shall provide a written report of the investigation to the DOJ Program and Technical <br />Manager, the DOJ Information Security Office and the DOJ Chief Information Officer within forty- <br />eight (48) hours of the discovery of the breach or unauthorized use or disclosure. The report shall <br />include, but not be limited to, the information specified above, as well as a full, detailed corrective <br />action plan, including information on measures that were taken to halt and/or contain the <br />improper use or disclosure. <br />Page 1 of 2 <br />
The URL can be used to link to this page
Your browser does not support the video tag.