Incident and Breach notification
Last updated: Mar 18, 2021
This policy sets out the policies and procedures of Exec Viva Inc. (the “Viva”) with respect to [detection of personal data breaches, responding to personal data breaches and notification of personal data breaches to Viva’s management team, employees, contractor, and customers].
When dealing with personal data breaches, the Viva and all Viva personnel must focus on protecting individuals and their personal data, as well as protecting the interests of Viva.
- All Viva personnel must notify the appointed person immediately if they become aware of any actual or possible personal data breach. [This obligation is included in Viva’s Internal Handbook].
- The appointed person is primarily responsible for investigating possible and actual personal data breaches and for determining whether any notification obligations apply. Where notification obligations apply, the appointed person is responsible for notifying the relevant third parties in accordance with this policy.
- All Viva personnel must cooperate with the appointed person in relation to the investigation and notification of personal data breaches. [This obligation is included in Viva’s Internal Handbook].
- The steps taken by the appointed person when responding to a personal data breach may include:
- Ensuring that the personal data breach is contained as soon as possible;
- Assessing the level of risk to all Viva’s customers as soon as possible;
- Gathering and collating information from all relevant sources;
- Considering relevant data protection impact assessments;
- Informing all interested persons within Viva of the personal data breach and the investigation;
- Assessing the level of risk to Viva; and
- Notifying Viva’s appropriately involved and potentially affected management team, employees, contractors, and customers and others of the breach in accordance with this policy.
- The appointed person shall keep a full record (written where possible) of the response of Viva to a personal data breach, including the facts relating to the personal data breach, its effects and the remedial action taken.
- In the event that cyber liability risk is evaluated as high, Viva will purchase cyber liability insurance