FB Twitter

This Website uses Cookies to give you the best, most relevant experience. We do not share your data with third parties. Continued use of this site indicates you are happy with our Policy.

Data breach policy

neXtep Business Builder Community (We, Our, Us and other similar terms) is committed to protecting the personal information We collect from Our users (User, You, Your and other similar terms).

This data breach policy (Data Breach Policy) applies to all personal information held by Us and must be read in conjunction with our Privacy Policy. This Data Breach Policy sets out how We will generally respond in the event of a data breach.

For the purpose of this Data Breach Policy, a data breach (Data Breach) occurs where personal information held by Us is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.

1. Containment, limitation and preliminary assessment of a Data Breach

Containment and limitation
If We become aware of a Data Breach, or potential Data Breach, We will take reasonable steps to:

  • contain it; and
  • limit any harm that has or may occur as a result of it (Containment).

Preliminary assessment
Following Containment, We will undertake a preliminary assessment, intended to identify:

  • what personal information was subject to the Data Breach;
  • what was the cause of the Data Breach;
  • what are the potential consequences of the Data Breach; and
  • who needs to be informed of the Data Breach, including but not limited to:
    • internal staff;
    • external agencies, such as law enforcement bodies; and
    • potentially affected individuals.

2. Risk evaluation

Risk evaluation
Following Containment and a preliminary assessment, We will undertake a risk evaluation in order to determine what other steps are immediately necessary (Risk Evaluation).

Considerations for Risk Evaluation
In completing a Risk Evaluation, we will consider:

  • the type of personal information subject to the Data Breach;
  • the context of the personal information subject to the Data Breach;
  • the cause and extent of the Data Breach;
  • the risk of harm to affected individuals; and
  • the risk of harm to Us.

3. Notification

Application of clause
This clause 3 applies where:

  • following the Risk Evaluation, We determine in our discretion, but acting reasonably, that:
    • there has been a Data Breach; and
    • that Data Breach is likely to result in serious harm to any of the individuals to whom the information the subject of it relates (Eligible Data Breach); or
  • where we are required under any agreements with third parties, to notify them of any Data Breach.

Eligible Data Breach
In assessing whether a Data Breach is an Eligible Data Breach, We will consider the following matters:

  • the kind of information;
  • the sensitivity of the information;
  • whether the information is protected by security measures;
  • the likelihood of any security measures being overcome;
  • the person or persons who have obtained, or could obtain, the information;
  • if a security technology or methodology designed to make the information unintelligible or meaningless to persons without authority to access it:
    • was used in relation to the information; and
    • the likelihood of any such technology or methodology could be circumvented;
  • the nature of the harm that may result; and
  • any other relevant matters.

Statement and notification
As soon as practicable, We will prepare a statement setting out:

  • how any potentially affected individuals may contact Us;
  • a description of the Eligible Data Breach;
  • the kinds of information subject to the Eligible Data Breach; and
  • any actions we recommend affected individuals should take in response (Eligible Data Breach Statement).
We will provide a copy of the Statement to the Information Commissioner if required.
If it is reasonably practicable to do so, we will provide a copy of the Statement to any potentially affected individuals, using their most recent contact details We have on record. We may, in our discretion, publish a copy of the Statement on our Website.