Once you have discovered a breach occurred what do you do? Remember: the acquisition, access, use, or disclosure of PI in a manner not permitted by law is an apparent breach unless the agency can demonstrate that it is not reasonable to believe that the PI has been compromised based on a risk assessment of at least the factors below.
Ex: confirmed confidential information sent to the wrong recipient was returned or destroyed or policies and procedures were modified as a result of incident.
For each Risk Assessment Questions above create a chart and enter your risk rating (e.g. low, moderate, high).