The purpose of this policy is to define the goals and the vision for the data breach response process. This document clearly defines the individuals and stakeholders to whom the policy applies and the circumstances that fall under it. It also includes the definition of a breach, standards and metrics, and reporting, remediation, and feedback mechanisms.
This policy document shall be circulated publicly and made easily available to all personnel whose work responsibilities are related to data privacy and security protection. Appy Pie publishes a Data Breach Response Policy to give due attention to data security and data security breaches, and to how Appy Pie’s established culture of openness, trust and integrity responds to any such activity. Appy Pie is committed to protecting its employees, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. Appy Pie is a property of Appy Pie LLP.
This policy applies to all individuals and stakeholders who collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or in any other way handle Personally Identifiable Information (PII) of Appy Pie and its customers’ constituents.
Confirmed theft, data breach or exposure of Protected Data or Sensitive Data
- As soon as a theft, data breach or exposure containing Personal Data is identified, the process of removing all access to that resource will begin.
- The CISO will chair an incident response team to handle the breach or exposure.
- The CEO will be notified of the theft, breach or exposure.
- IT, along with the designated forensic team, will analyze the breach or exposure to determine the root cause.
Work with Forensic Investigators
As provided by Appy Pie’s cyber insurance, the insurer will need to provide access to forensic investigators and experts who will determine how the breach or exposure occurred, the types of data involved, and the number of internal/external individuals and/or organizations impacted, and who will analyze the breach or exposure to determine the root cause.
There is a defined plan to communicate the breach to: a) internal employees, b) the public, and c) those directly affected.
- Appy Pie will notify all customers whose data is confirmed exposed or stolen within 72 hours of confirmation via email and/or phone.
- Appy Pie will work with customers to appropriately report the data breach to all affected parties.