Breach Notification Letter

Summary

This template is a Breach Notification Letter that may serve as a baseline letter by a company to notify the recipient of the letter of a data security breach that may have contained the recipient's personal information. This template includes practical guidance, drafting notes, and optional clauses. Because there is no omnibus federal rule regarding breach notification, notices must be sent to all customers in all of the states where they live. Thus, each individual notification must be tailored to follow the rules of the particular state to which it is sent. Since each state's requirements may vary widely (and sometimes conflict), it is helpful to start with a general baseline breach notification letter that provides basic information about the breach, and subsequently modify it to comply with the requirements of the specific state to which it is being sent. For a full listing of related data breach notification content, see Data Breach Notification Resource Kit. For a full listing of data security content that applies to federal government agencies, see Data Security & Privacy for Government Agencies Resource Kit. For additional information about breach notifications, see Breach Notification Letters. For more information on incident responses processes, see Corporate Information Security § 25.04.