Breach Notification Notice

Purpose

An information technology (IT) security incident is an event involving an IT resource at Clayton State University (CLSU) that has the potential of having an adverse effect on the confidentiality, integrity, or availability of that resource or connected resources. Prompt detection and appropriate handling of these security incidents is necessary to protect Clayton State University’s information assets and to preserve the privacy and confidentiality of personal data.

The purpose of this Security Information Breach Notification Notice is to provide general guidance to Clayton State University (CSU) to enable quick and efficient recovery from security incidents. It is instrumental to respond in a systematic manner to incidents, carry out the steps necessary to handle an incident and minimize disruption to critical computing services or loss or theft of sensitive or mission critical information.

Georgia Laws/Code

1. Social Security Number Protection Law Georgia Law O.C.G.A 10-1-393.8 forbids “publicly posting” or “publicly displaying” individual’s social security numbers (SSNs). It also forbids transferring SSNs over an unsecured connection, as well as using SSNs to access web sites, unless also requiring a PIN or password.
2. Security Breach Notification Law Georgia’s breach notification law was amended in 2007 to include public universities and other state and local agencies. Personal information protected by the Georgia Personal Identity Protection Act of 2007, a.k.a GPIPA, (O.C.G.A. 10-1-910, 10-1-911, and 10-1-912), includes the combination of an individual’s full name, or first initial and last name with one of the following, when not encrypted or redacted:
   1. Social Security Number
   2. Driver’s license number or state ID card number
   3. Account, credit card, or debit card number
   4. Account passwords, personal identification numbers, or other access codes

Any of these types of information are included without a name if a compromise would be sufficient to attempt to perform identity theft using that information. GPIPA does not include any publicly available information, including Open Records data, which includes most institution records and communications.

Breach notification laws from other states, notably California, may still apply if residents from other states are affected.

Point of Contact

Contact Clayton State University Cybersecurity via the THEHUB at 678-466-4357 or email THEHUB@CLAYTON.EDU or informationsecurity@clayton.edu.

Related Links

• State by state official codes for breach laws
• Summary of breach law under Georgia Personal Identity Protection Act (2007)
• Interactive map of state breach notification laws