Enquiry Tracker has a Data Security Compliance Program to ensure we operate in accordance with relevant laws and regulations in the event of a Data Breach, including:
Privacy Act, Part IIIC, Notifiable Data Breaches Scheme
Personal Information Protection and Electronic Documents Act (PIPEDA), coming Nov 2018
General Data Protection Regulation (GDPR), Article 33 & 34
HIPPA Breach Notification Rule
If you have any concerns, please contact us at [email protected]
What will we do in the event of a data breach?
Enquiry Tracker has a Critical Incident Response process (which includes our Developers, and Senior Management), and a Breach Response Plan.
Below is a high level summary of the steps Enquiry Tracker will take in the event of a suspected data breach.
Step 1 – Incident detection and preliminary assessment
- Enquiry Tracker users, employees and contractors can report suspected operational and security breaches to
- Enquiry Tracker Support via email or phone.
- Enquiry Tracker will take immediate steps to conduct a preliminary investigation, where we will identify and classify the suspected breach.
Step 2 – Contain breach
If the preliminary investigation confirms a suspected breach, we will take immediate steps to:
- Contain the breach.
- Limit distribution of the affected personal information.
- Limit possible compromise of other information.
Step 3 – Evaluate risks associated with the breach
The next step is to undertake a reasonable and expeditious assessment to:
- Gather all relevant information on the breach.
- Make a decision, based on the investigation, about whether the breach is an eligible data breach.
- Determine who needs to be made aware of the breach.
- Document everything at each step.
Step 4 – Notification
Enquiry Tracker will notify affected organisations and users as soon as possible once the facts are known, if:
- There is a chance of serious harm, or if a notification would give the users or customer organisation the ability to avoid serious harm.
- An incident is likely to cause humiliation or embarrassment for the individual.
- Their medical data was lost or stolen or viewed by the wrong people.
If the user affected is an Enquirer atn Enquirer, Enquiry Tracker will work with the Organisation to decide on who communicates to the Enquirer (e.g. the parent/guardian).
Enquiry Tracker will inform your country’s relevant Privacy Commissioner (e.g. OAIC in Australia), of any eligible data breaches, providing ongoing updates on key developments.
Step 5 – Review to prevent future breaches
In the event of a breach, Enquiry Tracker will:
- Fully investigate the cause of the breach.
- Record an incident report.
- Report to your countries relevant Privacy Commissioner on outcomes and recommendations in the event of a notifiable breach.
- Implement recommendations from the investigation to prevent future breaches.