An incident response procedure is fundamental to any security program. In the event of a data security incident, communications – internal and external – are critically important and must be managed properly. Any incident response plan should include a process for communicating pertinent information about the incident to appropriate internal stakeholders, external stakeholders involved in any investigation, and to impacted individuals, parents and other community members in accordance with state laws and school system policies.

Read more, download full document.