1. What are the circumstances of the breach.
2. What is the type and amount of information involved
3. What action has been taken to contain or control the breach
4. What is the potential harm for affected individuals
5. Are the affected individuals aware the breach has occurred
6. Who has been notified about the breach?
7. What changes will be implemanted to prevent or reduce the risk of a reoccurence
8. Who is the agency contact concerning the breach