Related Policies and documents: The College of Wooster Information Security Plan, Identify Theft Protection Program, College of Wooster Privacy Statement: General Statement of our practices and policies, Administrative Data Access Policy, GDPR Privacy Statement, CCPA Privacy Statement, Information Technology Requirements for Software & Services as a Service (S&SaaS) Providers

This procedure outlines the steps you should take in the event of a data breach or suspected data breach (“false alarms” are perfectly acceptable).

This procedure applies to College personnel, contractors, and third-party application or service providers.

Suspected or confirmed information security breaches must be reported immediately to one of “us”: the Chief Information & Planning Officer, the Director of Technology Services, or the Associate Director of Technology Services [currently, Ellen Falduto, Vince DiScipio, and Mike Naylor, respectively].

• If you receive notification from a contractor or third-party service or application provider, immediately notify us and forward the notification you received.  For third-party applications or services, you may continue to receive updates on the incident – forward those to us as well.  If you can have the third-party include us in their notifications, please do so.
• If you discover a breach or suspected breach resulting from internal activity, immediately notify us.

A breach is defined as unauthorized access of non-public college information, regardless of the format in which the information is stored or maintained or where it is stored.  Wooster’s Information Technology department will investigate all reports of security breaches of private or protected information, as defined in the College’s Information Security Plan.

Based on IT’s findings, internal and/or external parties may be engaged in the process and/or notified, as necessary and appropriate.

Updated: 06-10-2023