Compromise of Confidential or Sensitive Data
Although a data breach can occur in many ways, the response follows a common core procedure. The data loss is usually discovered during the investigation of an incident that initially presents as something else: theft or loss of equipment, system intrusion or hacking, malware, or unintended posting to a web page. Once it has been established that a data compromise has taken place, the loss of data becomes the overriding consideration in the response.
Some example scenarios:
- A laptop containing sensitive information is stolen (physical intrusion or theft).
- Sensitive information is inadvertently posted on a web site without access restrictions (configuration error).
- Access restrictions are inadvertently changed or removed, exposing the data (configuration error).
- A system compromise raises questions as to the continuing confidentiality of the data (intrusion).
- Keylogging software or other spyware is found on a host (malware).
Recovery advice depends on the particular compromise vector. Refer to the advice for the presenting incident (theft, intrusion, malware, configuration error) as well as to the steps below for responding to the data exposure itself.
- Preserve any log files that show access to the sensitive data (web server access logs, file-share audit logs, authentication logs). Copy them off the affected host before any cleanup, since remediation often overwrites or rotates them.
- Secure all copies of the material from further compromise using the most suitable method(s):
  - Remove the sensitive data from the host or web pages
  - Disconnect the host from the network
  - Physically secure the data in a location with limited (and, if possible, logged) access. Suggested method:
    - Place the material in an envelope
    - Seal the envelope and sign across the sealed flap
    - Secure the envelope in a locked drawer or cabinet
- Notify key staff. This may include:
  - Dean or departmental director, business manager, immediate supervisor
  - Data Custodian
  - Law enforcement, Risk Management, and Property Management (see procedures for Physical Intrusion or Theft)
- Notify abuse@rutgers.edu of the incident. See Reporting a Computer Abuse Incident for guidance as to what information to provide.
  - Include information as to the scope of the loss. Suggested descriptive metrics:
    - the type of data. Examples include:
      - Social Security Numbers
      - credit card numbers
      - human subject research data
      - protected health information
      - financial records
      - student records
      - other NPPI (Non-public personal information)
      - passwords associated with accessing sensitive data, regardless of the location of the data
    - estimate of the number of records exposed or lost
    - estimate of the number of individuals that may be impacted
- If the material was on a web site:
  - take steps to remove cached copies from search engines. Do this after the page itself has been taken down; a cache removed while the content is still live will simply be refreshed on the next crawl.
  - identify other departmental or University sites with copies of the information (or similar information). Consult What are considered best practices for protecting NPPI? for available scanning tools.
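The scoping metrics above (type of data, number of records, number of individuals) and the search for other copies of the material can both be produced by a small scanner. The following is an added example written for this page; it is not one of the University's scanning tools and does not come from the original procedure. It walks a directory tree, flags files containing candidate Social Security Numbers and Luhn-valid card numbers, records a SHA-256 of each flagged file at the moment it was found (so the inventory doubles as an evidence record for the log-preservation step), and summarises the scope in the terms the abuse report asks for. The sample files it scans are constructed test data (the card number is the standard 4111... test value), and the regular expressions are deliberately simple; a production scan would add further identifiers and handle encodings, archives and office formats.

```python
"""Scan a directory tree for likely NPPI and summarise the scope of a loss.

Added example for this page; constructed sample data, not real records.
"""
import hashlib
import os
import re
import tempfile

# Candidate SSN: ddd-dd-dddd, excluding area 000/666/9xx, group 00 and serial 0000,
# which the SSA never issues (cuts most false positives from phone-like numbers).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card number: 13-19 digits with optional single space/dash separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_nppi(text):
    """Return {'ssn': set, 'card': set} of distinct identifiers seen in text."""
    ssns = set(SSN_RE.findall(text))
    cards = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            cards.add(digits)
    return {"ssn": ssns, "card": cards}


def sha256_file(path):
    """Hash the file as found, so the copy we preserve can later be matched to it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root):
    """Walk root; return one finding per file that contains candidate NPPI."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                text = f.read().decode("utf-8", errors="replace")
            found = find_nppi(text)
            if found["ssn"] or found["card"]:
                findings.append({"path": path, "sha256": sha256_file(path),
                                 "ssn": found["ssn"], "card": found["card"]})
    return findings


def summarize(findings):
    """Scope metrics for the report: data types, records, distinct individuals.

    'records' counts identifiers per file (a copy on two sites is two exposures);
    'distinct_identifiers' is a lower-bound proxy for individuals affected.
    """
    types, records, ssn_all, card_all = set(), 0, set(), set()
    for f in findings:
        if f["ssn"]:
            types.add("Social Security Numbers")
        if f["card"]:
            types.add("credit card numbers")
        records += len(f["ssn"]) + len(f["card"])
        ssn_all |= f["ssn"]
        card_all |= f["card"]
    return {"files": len(findings), "types": sorted(types), "records": records,
            "distinct_identifiers": len(ssn_all) + len(card_all)}


def build_sample_tree():
    """Constructed sample files (not real data); returns the temp directory."""
    root = tempfile.mkdtemp(prefix="nppi_demo_")
    os.makedirs(os.path.join(root, "www"))
    files = {
        "www/roster.html": "<td>Jane Doe</td><td>123-45-6789</td>\n"
                           "<td>John Roe</td><td>456-78-9012</td>\n",
        "www/orders.csv": "order,card\n1001,4111 1111 1111 1111\n"
                          "1002,4111-1111-1111-1112\n",   # fails Luhn, ignored
        "www/notes.txt": "phone 732-555-0100 ext 12345\n",  # no NPPI
        "backup.csv": "123-45-6789,4111111111111111\n",     # second copy
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    found = scan_tree(build_sample_tree())
    for f in found:
        print(f["sha256"][:16], f["path"], len(f["ssn"]), "SSN", len(f["card"]), "card")
    print(summarize(found))
```

Run it against a web root or a departmental share mounted read-only; keep the printed hash list with the preserved copies, and report the summary's types, record count and distinct-identifier count under the scope metrics above, stating that the individual count is an estimate.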