Data Breach Policy

What will we do in the event of a data breach?

Enquiry Tracker has a Critical Incident Response process (which includes our Developers, and Senior Management), and a Breach Response Plan.

Below is a high level summary of the steps Enquiry Tracker will take in the event of a suspected data breach.

Step 1 – Incident detection and preliminary assessment

  • Enquiry Tracker users, employees and contractors can report suspected operational and security breaches to Enquiry Tracker Support via email or phone.
  • Enquiry Tracker will take immediate steps to conduct a preliminary investigation, where we will identify and classify the suspected breach.

Step 2 – Contain breach

If the preliminary investigation confirms a suspected breach, we will take immediate steps to:

  • Contain the breach.
  • Limit distribution of the affected personal information.
  • Limit possible compromise of other information.

Step 3 – Evaluate risks associated with the breach

The next step is to undertake a reasonable and expeditious assessment to:

  • Gather all relevant information on the breach.
  • Determine who needs to be made aware of the breach.
  • Document everything at each step.

Step 4 – Notification

Enquiry Tracker will notify affected organisations and users as soon as possible once the facts are known, if:

  • There is a chance of serious harm, or if a notification would give the users or customer organisation the ability to avoid serious harm.

Step 5 – Review to prevent future breaches

In the event of a breach, Enquiry Tracker will:

  • Fully investigate the cause of the breach.
  • Record an incident report.
  • Implement recommendations from the investigation to prevent future breaches.