You are here:
Issued: March 1st, 2010
Related Policies: Hampshire College Information Security Policy, Hampshire College Data Security Policy
To define the circumstances under which the College shall provide notice regarding a breach in security of college information.
This policy applies to information safeguarded both by Hampshire College and/or by third-party vendors and contractors working with Hampshire College. Suspected or confirmed information security breaches must be reported immediately to the director of information technology. A breach is defined as unauthorized access of college information. Hampshire College Information Technology Department will investigate all reports of security breaches of private and/or Level III information, as defined in the Hampshire College Data Security Policy.
Based on the results of the College's investigation, internal and/or external parties may be notified, as necessary and appropriate.
Upon notification of a suspected information security breach the information technology department will:
The Hampshire College information technology department will report all suspected cases of significant information breaches to the vice president for finance and administration, and will work with him/her to establish an appropriate response strategy. If the Hampshire College information technology departments's investigation determines that criminal activity has taken place, the information technology director (or designee) will report the breach to public safety and/or College counsel. The College community at large will be notified of the results of the initial investigation.
The director of information technology in consultation with the vice president for finance and administration will determine if external notification will be required in the event of an information breach. External notification is required if any of the following conditions are met:
Parties to be notified may include:
Please refer to the Hampshire College Data security policy for more information regarding classification of information.