Privacy Incidents:

Privacy issues are potential or practical damage to the form of personally identifiable information (PII) accessible to unauthorized persons. The government explains the privacy issue including loss of control, compromise, fraudulent disclosure, unauthorized access, unauthorized access, or similar terms referring to authorized users and unauthorized use To do. A situation that is accessible or potentially accessible to people. Individual-identifiable information whether physical or electronic

Personally identifiable information is information that can be used to identify or track an individual's identity, such as name, social security number, biometric record, or other personal or identifying information related to other individuals or identity information is. Specific individuals such as date of birth and place of birth, mother's maiden name

· Hacker gets information from 1836 Technologies laptop including name, SSN, date of birth

· The employee list was released on the 1836 technology portal that disclosed the name, personal mobile phone number, and home address.

· E-mail with a raise and raise, which was sent from a 1836 Technologies e-mail account to a personal e-mail account

Note: The engineer in 1836 needs to decide whether the PII associated with the incident comes from the technology of 1836 or the customer. If the information is from 1836 Technologies, please continue with this guide. If the information is from a customer, immediately contact the privacy department and coordinate with the customer's privacy representative to act. This process is consistent with 1836 Technologies' privacy incident response. Do not contact customers directly

The first privacy event report is used to report information on privacy events collected first. This form is in the 1836 Technologies Privacy Incident Reporting Portal. Examples of information collected in this report are as follows.

· The name of the engineer in 1836 who discovered the incident, the employee ID number, the technical phone number in 1836, and the technical e-mail address in 1836 (if intending to provide this information).

· Related PII events and general descriptions (ie leaked PII categories, but not actual PII in reports)

Identify the types of information that can identify individuals (although actual information that was disclosed or lost is not included).

IMPORTANT: Do not report the actual PII in the original event. Then, another privacy event occurs.

 - Required items within 72 hours of discovery - Within known limits - Department of Health and Human Services (HHS) requests summary of privacy incident - (Include privacy event location, privacy right) Any kind of media related to privacy issues and any information about protected health information. The case is considered a violation. 45 CFR 164. 402 (2) If there is evidence of (i), (ii), (iii), (iv), the evidence and provisions applicable to HIPAA to find that there are no violations Please provide. This can be submitted in a separate file. In that case, please enter "attach" below.

According to the definition of the US Department of Homeland Security, privacy incidents are adverse events that occur due to violating DHS's privacy policy and procedures. The privacy problem must be "related to misuse or disclosure" of regulatory data such as personally identifiable information and protected health information. Security incidents are "upgraded" to privacy incidents if data related to security incidents is regulated. In other words, most electronic privacy events are security incidents, but it can be certainly said that not all security incidents are privacy incidents. Privacy issues may also arise from sources other than electronics, such as documents that are incorrectly handled, oral or visual disclosure of PII or PHI.