PM 01-01-04-c
Procedures for Breach of FTI or NDNH Confidentiality Information
In Accordance with IDHS Incident Procedures, in all cases, the IDHS Chief Privacy Officer (CPO) and the IDHS Chief information Security Officer (CISO), the Bureau of Performance Management (BPM) and the Division Director and/or his or her designee must be contacted immediately upon discovery of an authorized disclosure, use or access of FTI or NDNH data by the person who discovered the data incident or the person's supervisor. The CPO and CISO will direct the investigation into the data incident.
The CPO, the CISO or the BPM must report the data incident within 24 hours to the following agencies:
- FTI: Special Agent-in-Charge, Treasury Inspector General for Tax Administration (TIGTA) in Chicago at (312) 554-8751; and
- NDNH: Administration for Children and Families, Office of Child Support Enforcement, FPLS Information Security officer by telephone at (202) 401-5410 or email at linda.boyer@acf.hhs.gov.
These agencies will be notified with the information listed below, by an encrypted electronic message with "Incident Response" on the subject line.
The following information must be provide when reporting FTI or NDNH breach:
- Date & time of incident;
- Date & time discovered;
- How discovered;
- Description of the incident;
- Approximate number of FTI or NDNH records involved;
- Address where occurred; and
- IT involved - (laptop, server, mainframe).