Data Breach Response Policy
International Syndication Company LLC Last Updated: 1st September 2023 Effective Date: 1st September 2023 Review Cycle: Annually Responsibility for Policy: Data Protection Officer (Mr. Chris York)
Purpose
The purpose of this Data Breach Response Policy is to provide guidelines and procedures for responding to any unauthorized access, disclosure, alteration, destruction, or any other form of unauthorized processing of personal data held by International Syndication Company LLC.
Scope
This policy applies to all employees, contractors, and vendors who process any form of personal data on behalf of International Syndication Company LLC. The policy is applicable across all websites and web applications owned by the company, including but not limited to:
b2bmedium.com
iSyndicate.io
iSyndicatenews.com
fintechhub.today
healthcarehub.today
hrhub.today
manufacturinghub.today
aihub.today
realestatehub.today
realestatehub.today
data.isyndicate.io
salescloud.isyndicate.io
mailbooster.icrmsoftware.com
Policy Statement
Immediate Action: In the event of a data breach or suspected data breach, immediate action must be taken to contain and limit the impact of the breach.
Notification of Data Protection Officer (DPO): All incidents must be reported to the DPO within 24 hours of discovery.
Risk Assessment: The DPO shall initiate a risk assessment to determine the scope and impact of the breach.
External Notifications: Where necessary, appropriate regulatory bodies shall be notified as required by applicable data protection laws.
Internal Communications: Employees and other stakeholders will be notified as deemed appropriate and according to the incident communication plan.
Legal Counsel: Legal advice will be sought to understand the implications of the breach.
Investigation: A thorough investigation will be conducted to understand the cause of the breach, and measures will be taken to prevent future incidents.
Documentation: All actions, communications, and remediations related to the breach will be documented.
Review: A post-incident review will be conducted, and necessary updates to policies and procedures will be made.
Procedure
Incident Identification: The breach should be identified and confirmed. Preserve evidence where possible.
Initial Containment: Work on short-term and long-term actions to contain the breach.
Risk Assessment: Assess the risks involved including the type of data involved, its sensitivity, and the risks to affected individuals.
Notification: Notify the DPO, affected stakeholders, and regulatory bodies as necessary.
Investigation and Remediation: Investigate how the breach happened and what can be done to better secure data.
Notification of Individuals: If individual data subjects are affected, they should be informed as per legal requirements.
Review: Conduct a review of the incident and update the security measures as necessary.
Review and Updates
This policy will be reviewed annually or in the event of significant changes to the organization or relevant legislation.
Last updated