Common use of Assess Clause in Contracts

Assess. Once an incident or suspected incident has been reported to your Program Manager and Coordinator, they need to immediately determine if a privacy breach has occurred. In making this assessment, two important questions need to be answered: Not all data in the custody or control of an institution is personal information. Therefore, the first part of your assessment is to identity the type of information affected by the incident. Personal information may include information that is not recorded (e.g., a verbal disclosure). Also, if there is a reasonable expectation that an individual can be identified from the information disclosed (either alone or when combined with other information), such information will likely qualify as personal information. Unauthorized disclosure, whether it is intentional, inadvertent, or as a result of a criminal activity, is the defining activity for privacy breaches. It is the “threshold” or “trigger” mechanism for the application of this Guide. If the answer to both questions is “yes”, a privacy breach has occurred and you need to follow the rest of the privacy breach response protocol outlined in this Guide. Program Manager and Coordinator Work together to:  Obtain all available information about the nature of the breach or suspected breach (e.g., when, where, whose personal information involved, how much personal information involved, verbal disclosure or hard copies involved, etc.).  Determine what happened (e.g., did a privacy breach actually occur, what personal information was involved, etc.?) and what needs to be done.  Answer questions in Step 1 Checklist related to 11 The Information Security & Privacy Classification Policy and the Information Security & Privacy Classification Operating Procedures are available at: ▇▇▇▇://▇▇▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇.▇▇.▇▇/cms/tiles.nsf/(vwReadPagesByRefId_Content)/sec2006.06.26.12.06.06. LVU_page?open Key Players Suggested Responsibilities assessing a privacy breach.

Assess. Once an incident or suspected incident has been reported to your Program Manager and Coordinator, they need to immediately determine if a privacy breach has occurred. In making this assessment, two important questions need to be answered: Not all data in the custody or control of an institution is personal information. Therefore, the first part of your assessment is to identity the type of information affected by the incident. Personal information may include information that is not recorded (e.g., a verbal disclosure). Also, if there is a reasonable expectation that an individual can be identified from the information disclosed (either alone or when combined with other information), such information will likely qualify as personal information. Unauthorized disclosure, whether it is intentional, inadvertent, or as a result of a criminal activity, is the defining activity for privacy breaches. It is the “threshold” or “trigger” mechanism for the application of this Guide. If the answer to both questions is “yes”, a privacy breach has occurred and you need to follow the rest of the privacy breach response protocol outlined in this Guide. Note: Institutions have a responsibility to protect personal information and to secure general records, particularly sensitive records.11 Respond to security breaches involving general records in accordance with established rules and regulations. Report incidents involving unauthorized collection, use, retention or disposal of personal information to your Coordinator. Program Manager and Coordinator Work together to:  ▪ Obtain all available information about the nature of the breach or suspected breach (e.g., when, where, whose personal information involved, how much personal information involved, verbal disclosure or hard copies involved, etc.).  ▪ Determine what happened (e.g., did a privacy breach actually occur, what personal information was involved, etc.?) and what needs to be done.  ▪ Answer questions in Step 1 Checklist related to 11 The Information Security & Privacy Classification Policy and the Information Security & Privacy Classification Operating Procedures are available at: ▇▇▇▇://▇▇▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇.▇▇.▇▇/cms/tiles.nsf/(vwReadPagesByRefId_Content)/sec2006.06.26.12.06.06. LVU_page?open Key Players Suggested Responsibilities assessing a privacy breach.