External Incident Notification Involving a Constituency

["Barton, Robert W." <bartonrt () LEWISU EDU>]

Afternoon,

For those that do a notice of breaches of other entities, that involve your constituents, why?  We have a little bit of 
a debate here as to IF, HOW OFTEN, and/or HOW we notify for breaches of third party systems that release information 
pertaining to us.  If you do, why?  If you don't, why not? I have a short list of why or why not, but I would like to 
hear from others.  Has anybody found a best practice on the subject?

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663


This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community