THE HSWAGATA BUDDHA TOOTH RELIC PRESERVATION PRIVATE MUSEUM
FOR INTERNAL USE ONLY
Template No.: TK-030
Template Title: Sensitive Info Leaked in Process (C/G) — Access Mapping + Data Handling Rule
Related Research Case IDs / Cluster:
Cluster C (Institution-Building & Records Discipline) / Cluster G (Neglect risk, weak controls, loss through poor handling)
Linked Templates / Policies:
TK-023 Verbal-to-written confirmation SOP (if leak was via calls)
TK-029 Evidence Package Template (if evidence was overshared)
T31 Chain-of-Custody Log (for sensitive items)
Institutional Policies for Relic Stewardship (Safeguarding & Integrity)
Date of form: ____ / ____ / ______
Prepared by / Role: _______________________
Office / Unit: ____________________________
Country / Location: _______________________
Confidentiality Level:
☑ Internal only ☐ Restricted ☐ Sacred-Restricted / Sensitive
Use of this form (tick):
☐ New case / action ☑ Follow-up ☐ Annual review ☐ Archive only
TK-030 — SENSITIVE INFO LEAKED IN PROCESS (C/G)
(Who accessed + data handling rule)
1. Purpose
Use TK-030 when sensitive information is leaked during an administrative process, such as:
names, phone numbers, addresses,
relic location, storage method,
donor identities and amounts,
internal conflict details,
draft letters, evidence packages, screenshots.
This template helps HSWAGATA to:
map who accessed the info,
stop further spread,
correct weak handling,
set a clear “data handling rule” for next actions.
2. Quick Classification
Tick one:
☐ C-type: accidental leak by poor admin process (email forwarding, wrong CC, casual talk).
☐ G-type: leak linked to neglect/weak controls (no access limits, no logs, unmanaged copies).
If threats, pressure, or extortion appear, move to conflict pathway (F).
3. Immediate Containment (Do Now)
☐ Stop sending more files until scope is known.
☐ Freeze the “latest package” version (no edits).
☐ Save evidence of leak (screenshots, emails, forwarded headers).
☐ Change access permissions (remove shared links, change passwords if used).
☐ Inform only the minimum internal leaders (need-to-know).
4. “Who Accessed” Mapping Form
A. What Was Leaked?
Tick all that apply:
☐ Personal data (name/phone/address/ID)
☐ Relic location / security details
☐ Donor data (names/amounts)
☐ Photos of relics / storage
☐ Legal/complaint content
☐ Evidence package documents
☐ Other: ______________________
B. Where Did the Leak Happen?
☐ Email (wrong recipient / CC / forward)
☐ Messaging app (Line/WhatsApp/Viber/etc.)
☐ Printed copies (left behind)
☐ Shared drive / link
☐ Meeting talk / verbal
☐ External office handling
☐ Unknown
C. Known or Possible Viewers (List)
Fill in as a list, marking each viewer as “Known” or “Possible”.
Known viewers:
__________________ (role/office)
Possible viewers:
__________________ (how could they access?)
D. Access Timeline
First date/time leaked: ____ / ____ / ______ ______
Last confirmed access: ____ / ____ / ______ ______
Is the link/file still accessible? ☐ Yes ☐ No ☐ Unknown
E. Evidence of Leak (Attach)
☐ Email header / forwarding chain
☐ Screenshot of shared message
☐ Link audit / access list (if available)
☐ Witness note (who saw what)
5. Impact Check (Simple)
Tick what impact is possible:
☐ Privacy harm to people
☐ Increased theft/security risk
☐ Rumour/misinformation risk
☐ Damage to trust with donors/community
☐ Institutional reputation risk
☐ Legal/regulatory risk
Risk level now: ☐ Low ☐ Medium ☐ High
6. Response Options (Choose What Fits)
Option A — Internal Correction Only (Low/Medium)
☐ Notify internal team: “Do not resend. Use new rules.”
☐ Replace file with redacted version for external use.
☐ Update access permissions and logs.
Option B — External Containment Request (Medium/High)
Send a short, calm request to the office/person who received it:
Respectfully submitted,
We learned that a file/message may contain sensitive internal information.
For safety and privacy, we kindly request:
Please do not forward or share it, and
Please delete any extra copies if not required for official procedure.
If you need the materials, we can provide a redacted version.
With respect, …
Option C — Security Upgrade (High)
☐ Move sensitive files to restricted storage
☐ Two-person approval before sending
☐ New code names for relic locations (internal only)
☐ Review access list weekly for 30 days
7. DATA HANDLING RULE (HSWAGATA Minimum Standard)
Rule 1 — “Need-to-Know Only”
Share sensitive data only with:
the responsible office/unit, and
the named officer (if possible).
No broad distribution.
Rule 2 — “Copies First”
Send copies by default.
Originals only by in-person showing + receipt.
Rule 3 — “Redaction Default”
Before sending externally, remove:
personal phone numbers,
home addresses,
ID numbers,
exact relic storage location,
unless it is strictly required.
Rule 4 — “One Package, One Owner”
Each evidence package must have:
one package code (TK030-…),
one sender,
one approved version.
No parallel versions.
Rule 5 — “No Open Links”
Do not use open public links.
If a link is required, use:
expiry date,
password,
access list.
Rule 6 — “Two-Person Review”
Any sensitive outgoing package must be reviewed by:
preparer + second reviewer.
Rule 7 — “Access Log”
Keep a simple log:
who had access,
when it was sent,
what version.
Rule 8 — “Speak Carefully”
Do not discuss sensitive details in public areas or casual chat.
Use short, procedural language only.
This reduces neglect-type loss and strengthens governance discipline.
8. Corrective Action Record (Fill-in)
Actions taken today:
☐ Link removed / access closed
☐ Redacted package prepared
☐ External containment request sent
☐ Internal instruction issued
☐ Password changed / permissions updated
☐ Other: ______________________
Responsible person: ______________________
Next review date: ____ / ____ / ______
9. Archive Checklist
Attach and file:
☐ “Who accessed” mapping (Section 4)
☐ Leak evidence (screenshots, headers)
☐ Containment messages sent
☐ New data handling rule acknowledgment (internal)
☐ Updated access log
Archive tag: TK-030 / Sensitive info leak (C/G)
End of Template TK-030