A data breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, End User Data transmitted, stored or otherwise processed by Conjura (a “Data Breach”). Conjura has implemented appropriate and technical measures in order to prevent the occurrence of any Data Breach. In the event however that a Data Breach does occur, Conjura shall take the following steps:
1. Discovery and Investigation of a Data Breach
When Conjura becomes aware of an actual or potential Data Breach, Conjura shall immediately implement its Data Breach Response Plan. In this regard, Conjura shall begin an investigation into the Data Breach.
As part of this investigation, a Conjura investigator will be responsible for the management of the Data Breach investigation, completion of a risk assessment, and coordinating with others in the organization as appropriate (e.g., administration, security incident response team, human resources, risk management, public relations, legal counsel, etc,). As part of the investigation, the investigator will conduct a risk assessment, and based on the results of the risk assessment, will begin the process of notifying any Clients affected by the Data Breach.
2. Notification to Clients
When Conjura becomes aware of a Data Breach, Conjura shall without undue delay notify any affected Clients of the Data Breach. Conjura will notify any affected Clients of the Data Breach via email and / or telephone.
3. Record of Data Breach
In respect of any Data Breach of which Conjura becomes aware, Conjura shall keep a record of the occurrence of that breach. Such record will contain:
- A brief description of what happened, including the date of the Data Breach and the date / time of the discovery of the Data Breach, if known;
- A description of the categories of personal data and categories of data subjects that were involved, if known;
- Any effect the Data Breach may have on End Users and any steps End Users may need to take in order to protect them from potential harm resulting from the Data Breach; and
- A brief description of the investigation carried out by Conjura and any remedial actions taken in order to mitigate harm to End Users, and to protect against further Data Breaches occurring in the future.