MOUNT DESERT — A data breach response policy was adopted Monday by the board of selectmen to guide town officials in investigating any unauthorized access of personal information through the town’s electronic systems.
The Maine Municipal Association has added cyber-liability coverage to its insurance plan for municipalities and recommends that all cities and towns develop a data breach response policy.
Town Manager Durlin Lunt said he worked with Police Chief Jim Willis and the town’s IT consultant, Robert Bickmore, to develop such a policy.
The policy defines a data breach as “any occurrence where personal identifying information (such as Social Security numbers or payroll information) is accessed by someone other than an authorized user for anything other than an authorized purpose.”
If a data breach is suspected, a response team consisting of the police chief, town clerk and contracted information technology (IT) coordinator will immediately investigate.
“Any town electronic equipment suspected of being the source of a breach shall be completely disconnected from the town network” and shall be “left powered on and idle until an investigation is completed,” the policy states.
The response team will try to determine how the data breach occurred, what personal information was accessed and how many people were affected. They also will take a number of other steps, including notifying everyone whose personal information might have been compromised and recommending to the town manager “what steps can be taken to minimize the risk of a future breach.”
Lunt said the town has not experienced any data breaches to date.