Data Breach Policy for Class Creator

Data Breach Policy

What will we do in the event of a data breach?

Class Creator has a Critical Incident Response Team (which includes our CTO, CEO & COO), and a Breach Response Plan that is reviewed annually.

 

Below is a high-level summary of the steps Class Creator will take in the event of a suspected data breach.

Step 1 – Incident detection and preliminary assessment

Class Creator users, employees and contractors can report suspected operational and security breaches to Class Creator Support via live chat, email or phone. Class Creator will take immediate steps to conduct a preliminary investigation, where we will identify and classify the suspected breach.

Step 2 – Contain the breach

If the preliminary investigation confirms a suspected breach, we will take immediate steps to:

 

  • Contain the breach.
  • Limit distribution of the affected personal information.
  • Limit possible compromise of other information.

Step 3 – Evaluate risks associated with the breach

The next step is to undertake a reasonable and expeditious assessment to:

 

  • Gather all relevant information on the breach.
  • Make a decision, based on the investigation, about whether the breach is an eligible data breach.
  • Determine who needs to be made aware of the breach.
  • Document everything at each step.

Step 4 – Notification

Class Creator will notify affected organisations and users as soon as possible once the facts are known, if:

 

  • There is a chance of serious harm, or if a notification would give the users or customer organisation the ability to avoid serious harm.
  • An incident is likely to cause humiliation or embarrassment for the individual.
  • Their medical data was lost or stolen or viewed by the wrong people.

 

If the user affected is a member of a school, Class Creator will work with the organisation to decide on who communicates to the user (e.g. the parent).

Step 5 – Review to prevent future breaches

In the event of a breach, Class Creator will:

 

  • Fully investigate the cause of the breach.
  • Record an Incident Report.
  • Implement recommendations from the investigation to prevent future breaches.

 

If you have any questions or concerns, please contact us at security@classcreator.io