Data Breach Response Policy

International Syndication Company LLC Last Updated: 1st September 2023 Effective Date: 1st September 2023 Review Cycle: Annually Responsibility for Policy: Data Protection Officer (Mr. Chris York)

Purpose

The purpose of this Data Breach Response Policy is to provide guidelines and procedures for responding to any unauthorized access, disclosure, alteration, destruction, or any other form of unauthorized processing of personal data held by International Syndication Company LLC.

Scope

This policy applies to all employees, contractors, and vendors who process any form of personal data on behalf of International Syndication Company LLC. The policy is applicable across all websites and web applications owned by the company, including but not limited to:

  • b2bmedium.com

  • iSyndicate.io

  • iSyndicatenews.com

  • fintechhub.today

  • healthcarehub.today

  • hrhub.today

  • manufacturinghub.today

  • aihub.today

  • realestatehub.today

  • realestatehub.today

  • data.isyndicate.io

  • salescloud.isyndicate.io

  • mailbooster.icrmsoftware.com

Policy Statement

  1. Immediate Action: In the event of a data breach or suspected data breach, immediate action must be taken to contain and limit the impact of the breach.

  2. Notification of Data Protection Officer (DPO): All incidents must be reported to the DPO within 24 hours of discovery.

  3. Risk Assessment: The DPO shall initiate a risk assessment to determine the scope and impact of the breach.

  4. External Notifications: Where necessary, appropriate regulatory bodies shall be notified as required by applicable data protection laws.

  5. Internal Communications: Employees and other stakeholders will be notified as deemed appropriate and according to the incident communication plan.

  6. Legal Counsel: Legal advice will be sought to understand the implications of the breach.

  7. Investigation: A thorough investigation will be conducted to understand the cause of the breach, and measures will be taken to prevent future incidents.

  8. Documentation: All actions, communications, and remediations related to the breach will be documented.

  9. Review: A post-incident review will be conducted, and necessary updates to policies and procedures will be made.

Procedure

  1. Incident Identification: The breach should be identified and confirmed. Preserve evidence where possible.

  2. Initial Containment: Work on short-term and long-term actions to contain the breach.

  3. Risk Assessment: Assess the risks involved including the type of data involved, its sensitivity, and the risks to affected individuals.

  4. Notification: Notify the DPO, affected stakeholders, and regulatory bodies as necessary.

  5. Investigation and Remediation: Investigate how the breach happened and what can be done to better secure data.

  6. Notification of Individuals: If individual data subjects are affected, they should be informed as per legal requirements.

  7. Review: Conduct a review of the incident and update the security measures as necessary.

Review and Updates

This policy will be reviewed annually or in the event of significant changes to the organization or relevant legislation.

Last updated