DHS Committee Approves Best Practices for Breach Notifications

    Apr 25, 2017

    In February, a Homeland Security Department advisory committee approved a set of best practices for DHS agencies that may someday have to notify employees or clients of a data breach.

    According to, the action may stem from the data breach that struck the Office of Personnel Management in 2015, possibly impacting some 20 million current and former federal employees and their families.

    The best-practices document encourages agencies to seek a balance in their notification procedures by moving fast enough to comply with legal requirements and to give people time to take defensive measures, but not so quickly as to provide confusing or false information. It cites the danger of “over-notification,” which could result in people not taking the notices seriously.

    The DHS Data Privacy and Integrity Advisory Committee added language that would help recipients verify that the notice itself was not a phishing scam, as well as language referring to the federal requirements to ensure all notices are accessible to people with disabilities and to those who don’t speak English.

    The document follows guidelines established by several federal agencies and a formal guidance document from the Office of Management and Budget that was released in January.


    © 2017, ARMA International