You are here

Data Breach Response Policy

1. Mission

East Routt Library District dba Bud Werner Memorial Library (“Library”) offers lending services that require the use of Personally Identifiable Information (PII) to meet the Library’s mission: Promoting Enrichment, Education and Escape for Everyone.

2. Purpose

The Data Breach Response Policy, approved by the East Routt Library District Board of Trustees, is intended to focus attention on data security, data security breaches and how the Library’s established culture of openness, trust and integrity should respond to such activity. The Library is committed to protecting employees, partners and patrons from illegal data breaches or damaging actions by individuals, either knowingly or unknowingly.

3. Scope

This policy applies to all who collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle PII of Library employees, partners and patrons. Any agreements with vendors will contain similar language that protects Library users.

4. Suspected theft, data breach or exposure of Library protected data or Library sensitive data

Any individual who suspects that a theft, breach or exposure of Library protected data or Library sensitive data has occurred must immediately provide a description of the breach via email to nbigzad@steamboatlibrary.org or incident@steamboatlibrary.org, or by calling 970.367.4911.

This email address and phone number are monitored by the Library’s Information Security Team. This team will investigate all reported thefts, data breaches and exposures to confirm if a theft, breach or exposure has occurred. If a theft, breach or exposure has occurred, the Library shall assess the risk, assemble a response team and provide notification of the breach as per C.R.S. 24-73-103.

4.1 Response Team

The Library Director will chair an incident response team to handle a breach or exposure.

The team will include:

Library’s Technology Specialist
Marmot IT Services representative
The supervisor of the affected unit or department that uses the involved system or output, or whose data may have been breached or exposed.
Additional department supervisors based on the data type involved.
Additional individuals as deemed necessary by the Library Director.

Happening Today

Signature Events

Just for Kids

Sign up for a Newsletter

Join a Club

Start a Club

eBooks

Audiobooks & Music

Magazines

Newspapers

New Titles

Movies & TV

Need Help?

Search Online Databases

Available Technology

Popular Research Topics

Consumer Help

Ask Us/Meet One on One

Students & Homeschoolers

Storytimes

Sundays

Mondays

Tuesdays

Wednesdays

Thursdays

Fridays

More in Youth

Read These!

Students & Homeschoolers

Parents & Teachers

Book of the Day

Reader's Resources

Escape into a . . .

Try Something Unique

Join a Book Club

Start a Book Club

Sign up for a Newsletter

Request Titles

Library Card & Account

Connect With staff

Request Titles

Sign Up for a Newsletter

Discover