Cyber security tips: Incident response
Even with good defenses and workforce training, the university may still get hacked or have data compromised. Devices can be lost or stolen or an email with sensitive information can go to the wrong person.
In accordance with Executive Policy (EP) #8 University Data Policies, every effort must be made to ensure the availability, accuracy, and completeness of institutional data. Access to data for management and maintenance purposes must be authorized by the appropriate information owner or designee.
Each business unit that creates, collects, stores, processes, shares, and transmits institutional data is responsible to ensure the application of uniformly high standards in data management and maintenance, to include the availability and integrity of the institutional data under their care throughout its entire life cycle.
If a data breach occurs, the university must abide by various state and federal laws and regulations which contain specific breach reporting requirements related to FERPA, HIPAA, GDPR, GLBA, etc. In accordance with Washington State RCW 42.56.590, breaches or potential breaches of university confidential or regulated information must be reported immediately to the Chief Information Security Officer or the Office of the Chief Information Officer.