Incident Response
We maintain an incident response process designed to identify, contain, investigate, and remediate security incidents in a timely and effective manner.
If we become aware of a personal data breach or other security incident affecting Customer Data, we will assess the nature and scope of the incident without undue delay, take appropriate steps to contain and mitigate its impact, and implement corrective measures to help prevent recurrence.
Where the incident is reasonably likely to affect Customer Data, we will notify the affected customer promptly after becoming aware of it. That notification will include, to the extent reasonably available at the time:
- a general description of the nature of the incident;
- the categories of data affected;
- the likely impact on the customer;
- the measures taken, or proposed to be taken, to contain, investigate, and remediate the incident; and
- where relevant, recommended steps the customer should take.
As our investigation progresses, we may provide additional information in phases as it becomes available. We will also cooperate reasonably with affected customers in relation to the incident and our response, taking into account the nature of the services provided and the information available to us.