|
Emergency Response Plan
Concept of Operations
Incident Command Team Member/Building Monitor Listing
Specific Emergency Response Procedures
Communications
Appendix/Forms
Additional Resources
|
Data Security Breach
Communications Plan
The Texas A&M University at Galveston Campus
Data Security Breach Communications Plan has been developed to provide
guidance in the event that there is an actual release or a significant
possibility that confidential data has been released or exposed.
No amount of planning can replace the solid
leadership and sound judgment that must be exercised at all levels during
a crisis or emergency situation. This plan will always be an evolving
document and is for guidance only.
Campus Data Security Breach Response Team
The following personnel compose the Campus
Data Security Breach Response Team and are responsible for coordinating
response to any incident.
-
Dr. Brad McGonagle, Assistant Vice
President for Administration
-
Mr. Grant Shallenberger, Assistant Vice
President for Student Affairs and Auxiliary Services and Interim Chief
of Staff
-
Mr. Steve Conway, Director, Computing
Information Services
-
Ms. Susan Lee, Associate Vice President
for Finance
PROCEDURES
Reporting - Anyone who suspects that there
has been a loss of a device containing confidential information or that a
device containing confidential information has been accessed by a person
without proper authority SHALL immediately notify the Director of
Computing and Information Services, Steven Conway or his designated CIS
backup.
Assessment - The Director of Computing and
Information Services will investigate the situation and determine the
likelihood that confidential and/or personal information has been released
or accessed by unauthorized individuals.
Response - In the event that there is an
actual release or a significant likelihood that confidential and/or
personal information has been released or accessed the Director of CIS
will notify the President and CEO and activate the
Campus Data Security Breach Response Team. After assessing the nature and
scope of the situation, the Executive Team member in charge will call
together all available members of the Executive Team to execute the
following plan:
-
Designate a spokesperson: In cases of a
significant crisis, the President and CEO or administrator in
charge will take the lead in conveying the administration's response to
the crisis, showing that the campus has control of the situation,
calming public concern and providing leadership for the entire campus.
-
Draft a fact sheet: The fact sheet will
contain a summary statement of the situation including all known details
to be released to the media. This information will be made available to
(and approved by) the President and CEO in addition to notifying
and providing copies to the following individuals –
-
Notify individuals that may be impacted:
Determine which personnel might have had their personal data released
and who should be informed of the crisis. It is important to keep
administration, faculty, staff, students and parents informed as
appropriate of appropriate details and actions taken by the university
during an emergency.
-
The Campus Emergency Communications
Protocols will be followed (See Appendix A)
-
Update and activate the web site: Update
and activate the website dedicated to communicating during a data
security breach. Review current TAMU System guidelines for the web site
--
https://apps.system.tamus.edu/datasecurity/web.html
-
Alert the media: Determine whether a news
conference and or news release is an appropriate means of conveying
information beyond the protocols used to notify faculty, staff,
students, the news media and the public. The President and CEO or
administrator in charge in consultation with the Director of Media
Relations and Communications will determine logistics of the news
conference including when, where and how the media will be contacted,
which media will be contacted, who will supervise the news conference,
who will appear, etc. The Campus Emergency Communications Protocols for
Media Management will be followed.
-
Other spokespersons: Identify any other
individuals besides those on the Executive Team who may serve as
spokespersons or who might be made available to the news media; assign a
public information staff person to provide counsel to those individuals.
Aftermath Component
Following any crisis, appropriate action
must take place to ensure that members of the campus community, and others
as necessary, receive needed information and assistance to help bring
closure to the crisis as well as relief from the effects of the event.
Attention also should be placed on identifying and implementing measures
to improve the Emergency Preparedness plan used during the crisis.
-
Communications: If needed, a public forum
should be scheduled and coordinated by the Director of Media Relations
and Communications to communicate details of the incident and events to
all interested members of the campus. The timeliness of this meeting is
critical and every effort should be made to see that it occurs within
three work days from the close of the crisis. Representatives from the
Executive Team, Campus Police, Student Affairs, Human Resources,
Employee Assistance Program, as well as the Counseling Office should
attend and be prepared to answer questions and share pertinent
information. Specific departments and/or individuals also may be
requested to attend and participate depending upon the nature of the
crisis.
-
Immediately following a crisis: It is
imperative that the campus be sensitive to the needs of faculty, staff
and students who may have been personally affected by the crisis. There
may be a need to assist a victim or victims with obtaining information
and/or a referral to available resources. Human Resources will be the
contact for employee assistance and Student Affairs for student
assistance.
-
Rumor control: It is not unreasonable to
expect that rumors would follow a crisis, further creating an atmosphere
of anxiety. As a preventative measure, the campus Website will
continuously be updated following the crisis to address rumors and
provide additional information as it becomes available. All inquiries to
the crisis will be directed to the Director of Media Relations and
Communications.
-
Ten day follow up: The Executive Team
shall meet within 10 days following a crisis and review all actions
taken as a result of the crisis to determine effectiveness and
efficiency of operations and make any needed changes to the Emergency
Preparedness Plan and Emergency Communications Plan and Protocols.
Careful application of the Campus Data
Security Breach Plan will assist the Texas A&M University at Galveston
campus community in responding appropriately and effectively manage the
media. Continued evaluation and refinement of this plan is necessary and
will be initiated on an annual basis.
Revised June 2010 |
