Cyber Security

Personal Data

cyber security

Personal Protection
Policy & Breach Plans

A Personal Protection Policy is a document that outlines the rules and guidelines for protecting the personal information of an organization’s customers, employees, and other individuals. The Personal Protection Policy typically covers a wide range of topics, including the collection, storage, use, and disclosure of personal information.

The purpose of a Personal Protection Policy is to provide a framework for ensuring that the personal information of individuals is handled in a responsible and secure manner. The policy defines the roles and responsibilities of different teams and individuals within the organization, and outlines the steps that should be taken to prevent and mitigate personal information breaches.

A Personal Protection Policy is often accompanied by a Personal Information Breach Plan, which outlines the specific steps that should be taken in the event of a personal information breach. The breach plan typically includes procedures for identifying and reporting a breach, as well as for communicating with affected individuals and managing the impact of the breach.

Overall, a Personal Protection Policy and Personal Information Breach Plan are important tools for helping organizations to protect the personal information of individuals and maintain their trust and confidence.

These policies and plans provide a clear and consistent set of rules and guidelines for handling personal information, and help to ensure that the organization’s systems and processes are secure and compliant with relevant laws and regulations.

Think you’re covered already?

Here are some questions you should be able to answer “Yes” to:

  • Do you have a formal Privacy and Personal Data Policy approved by management and communicated to staff
  • Do you provide annual training to employees accessing personal data
  • Do you monitor to ensure compliance with laws and regulations relating to personal data
  • Have your personal data practices been audited by an independent in the last 2 years
  • Have you put in place a Data Breach Response plan and educated employees accordingly
  • Is personal data access restricted to those who need it to perform a task
  • Do you encrypt stored personal data and personal data backups
  • Is personal data encrypted when transferred over the network
  • Are mobile devices and laptop hard drives encrypted
  • Does your internet security policy prohibit the copying of non-encrypted personal data to removable storage devices or transferring them by email
  • And finally, do you have a formal Breach Response Plan

TechBrain’s cyber security services team can work with you to develop a Corporate Policy for Protecting Personal Information and a Response Plan in case there is a breach.