Information Incident Definitions
Area of Responsibility
The divisional area within which computer systems, documents, personnel administering computer systems or other data media, or inventory assets are allocated are in scope for an information incident or data breach.
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.
Individuals for whom enough information is available, either directly or through means of reasonable investigative effort, to provide a source of contact information
- Attempts (either failed or successful) to gain unauthorized access to a system or its data
- Unwanted disruption or denial of service
- The unauthorized use of a system for the processing or storage of data
- Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
- Social Security number.
- Driver's license number or State identification card number.
- Account number or credit or debit card number, or
an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
"Personal information" does not include publicly available information that is lawfully made available to the general public from federal, State, or local government records.