Chapter 11 - Information Technology & Information Management

REPORTING AND RESPONDING TO SECURITY BREACHES

All employees are required to report to their supervisor or the Program Coordinator any material risk to or breach of the security of Personal Information maintained by the Company. Any supervisor receiving such a report must promptly inform the Program Coordinator.
The Program Coordinator will:
• undertake any action necessary to respond to the risk or breach;
• conduct a post-incident review of the events and all actions taken, if any, to make changes in business practices relating to protection of personal information; and
• document any such post-incident review and all responsive actions taken in connection with any incident involving a breach of security.