New York - Breach Notification

This playbook helps an analyst determine if the breached data meets the criteria for breach notification according to New York State law, and, if necessary, follows through with the notification procedures.

DISCLAIMER: Please consult with your legal team before implementing this playbook.

Sources: https://ag.ny.gov/internet/data-breach https://www.dos.ny.gov/consumerprotection/pdf/infosecbreach03.pdf https://www.nysenate.gov/legislation/laws/GBS/899-AA

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

  • GenerateInvestigationSummaryReport
  • Set

Commands

  • send-mail
  • setIncident

Playbook Inputs


NameDescriptionDefault ValueRequired
ContactNameIn case of a breach, the contact details to send to the Attorney General and the affected residents.Optional
ContactEmailAddressIn case of a breach, the contact details to send to the Attorney General and the affected residents.Optional
ContactTelNumberIn case of a breach, the contact details to send to the Attorney General and the affected residents.Optional
CompanyNameOptional
CompanyAddressIn case of a breach, the company details to display in the breach report.Optional
CompanyCityIn case of a breach, the company details to display in the breach report.Optional
CompanyCountryIn case of a breach, the company details to display in the breach report.Optional

Playbook Outputs


PathDescriptionType
PIICompromisedSet a flag indicating that PII has been compromised.boolean
HealthInsuranceBreachedSet a flag indicating that the breach contains PII of health insurance information.unknown
MedicalInformationBreachedSet a flag indicating that the breach contains PII of medical information.unknown
FinancialInformationBreachedSet a flag indicating that the breach contains PII of financial information.unknown
AccountInformationBreachedSet a flag indicating that the breach contains PII of account information.unknown
UniqueIdentificationNumberBreachedSet a flag indicating that the breach contains PII of unique identification number.unknown
UniqueBiometricDataBreachedSet a flag indicating that the breach contains PII of unique biometric data.unknown
Analyst review.Answers.1Explain, in your words, the incident origin, what you have checked, and any information related to this incident.longText

Playbook Image


NewYork-BreachNotification