This data breach policy (“Policy”) governs the details of handling data breach issues in software Application I Have Voice (“Application”) for mobile devices that was created by Viktor Malyi (“Developer”).
A data breach generally refers to the unauthorized access and retrieval of information that may include personal data.
A number of security arrangements to protect the personal data that the App controls are developed to prevent unauthorized access, collection, use, disclosure, or similar risks.
Scope and Purpose
This Policy sets out the procedure to be followed to ensure a consistent and effective approach is in place for managing data breach and information security incidents related to the Application.
The objective of this Policy is to contain any breaches, to minimize the risk associated with the breach and consider what action is necessary to secure personal data and prevent further breaches.
Definitions / Types of breach
An incident in the context of this Policy is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately.
An incident includes but is not restricted to, the following:
- Unauthorized use of, access to or modification of data or information systems;
- Attempts (failed or successful) to gain unauthorized access to information or IT system(s);
- The unauthorized disclosure of sensitive/confidential data;
Reporting of an Accident
Anyone who is suspecting the data or personal information breach event related to the Application is required to inform Developer at firstname.lastname@example.org.
The report must include full and accurate details of the incident, when the breach occurred (dates and times), who is reporting it and if the data relates to people, the nature of the information.
Recovering from a Data Breach
The Developer will first determine if the breach is still occurring. If so, the appropriate steps will be taken immediately to minimize the effect of the breach.
An initial assessment will be made by the Developer to establish the severity of the breach.
The Developer will then determine the suitable course of action to be taken to ensure a resolution to the incident.
Users whose personal data has been affected by the incident, and where it has been considered likely to result in a high risk of adversely affecting that individual’s rights and freedoms, will be informed without undue delay.
Notification will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks.
Individuals will also be provided with a way in which they can contact the Developer for further information or ask questions on what has occurred.