Objective
xxx
Scope
xxx
Responsibilities
xxxx
Provisions:
xxxx
Usage/Procedure
xxxx
Frequence
xxxx
References
xxx
Annex A
Incident Report Template
Please complete this form in the event of a data breach or data security incident:
Date of Incident: _________________________________________________________
Date Incident was discovered: ______________________________________________
Name of the individual reporting incident: _____________________________________
Contact details of the individual reporting incident: ______________________________
Where the incident occurred: _______________________________________________
Description of the incident (How do you believe that there was a breach?):
NOTE: Please provide sufficient detail to enable us to appropriately investigate your complaint, e.g. number of subjects affected, data placed at risk by the incident.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Documents
Please attach copies of any document/s you consider may assist us in investigating the incident.
Annex B
Breach Letter Template
Dear (Client Name),
We regret to inform you that Infinit-O has discovered a breach in our processing system that has exposed your (personal/company) data to unauthorized use by external parties. We have notified relevant law enforcement agencies about this incident (as needed) and legal counsel where needed to minimize any further risk posed to you by this incident. About the incident
We appreciate you’re going to have questions and concerns relating to this incident, and we will do our best to explain the situation, what happened, and why.
Infinit-O has conducted an investigation and we believe the following events led to the data security incident in question:
• [List timeline of events here]
• *DETAILS*
About the data involved
We believe the following information may have been unlawfully accessed or affected by this data security incident:
• [List details here]
• *DETAILS*
What this means for you
Following the investigation, Infinit-O has carried out as part of this data security incident, and bearing in mind the type of information or data relating to the incident, we believe you may experience the following consequences as a result of this incident:
• [List details here]
• *DETAILS*
As a result, we would recommend you take the following actions as soon as possible to further protect yourself or your organization from additional risks associated with this incident: • [List details here]
• *DETAILS*
•
What will we do to prevent this from happening in the future?
Here at Infinit-O, your privacy is one of our top concerns. We do everything we can to ensure your personal/company data is made secure and your rights are preserved and upheld at all times. On this occasion we have fallen short, and we wholeheartedly and unreservedly apologize.
To ensure that data security incidents like this do not occur in the future, Infinit-O is already taking the following steps to eliminate future risk and minimize the impact such threats could pose to you in the future:
• [List details here]
• *DETAILS*
Once again, we would like to take this opportunity to apologize for this breach of security. We promise to do everything within our power to make sure this never happens again.
If you have additional questions about this incident, please contact our Data Protection Office, Mary Grace Cepe at dpo@infinit-o.com.
Yours Sincerely,
________________________
Richard B. Tan
VP for Client Solutions Group