Effective Date: 10-Mar-2020
Last Updated: 10-Mar-2025

At CTech Digital

Data Breach Policy

1. Introduction

ctechdigital.com is committed to safeguarding the personal and sensitive data of its employees, customers, and partners. This Data Breach Policy outlines the procedures for detecting, reporting, and responding to data breaches to minimize risks and comply with applicable data protection laws.

2. Scope

This policy applies to all employees, contractors, third-party service providers, and any other individuals who have access to company data. It covers all data processing activities, including storage, transmission, and handling of sensitive and personal information.

3. Definition of a Data Breach

A data breach occurs when unauthorized access, disclosure, or loss of data occurs due to accidental, malicious, or criminal activities. Examples include:

• Unauthorized access to sensitive information
• Accidental exposure of personal data
• Data theft by cybercriminals
• Loss or theft of devices containing sensitive information
• Insider threats leading to data leakage

4. Responsibilities

4.1 Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for overseeing data security measures, managing breach response actions, and ensuring compliance with data protection laws.

4.2 Employees and Contractors

All employees and contractors must:

• Adhere to security policies and best practices.
• Report any suspected or actual data breaches immediately.
• Follow prescribed security protocols when handling sensitive data.

5. Detection and Reporting

5.1 Identifying a Breach

Potential data breaches may be detected through:

• System security monitoring and alerts
• Employee or customer reports
• Regular security audits

5.2 Reporting a Breach

All suspected breaches must be reported immediately to the DPO or IT Security team through the designated incident reporting process. The report should include:

• Description of the suspected breach
• Date and time of occurrence
• Type of data affected
• Potential impact assessment

6. Containment and Assessment

Upon receiving a breach report, the IT Security team will:

• Isolate affected systems to prevent further damage.
• Assess the scope and severity of the breach.
• Identify affected individuals and data categories.
• Implement immediate containment measures.

7. Notification and Communication

7.1 Internal Notification

All key stakeholders, including senior management and the legal team, will be informed about the breach.

7.2 External Notification

If the breach involves personal data, notifications will be sent to:

• Affected individuals, detailing the nature of the breach and mitigation steps.
• Relevant regulatory bodies within the required legal timeframe.
• Law enforcement agencies if the breach involves criminal activity.

8. Remediation and Prevention

8.1 Corrective Actions

Following containment, corrective actions will be implemented, including:

• Patching vulnerabilities
• Strengthening access controls
• Enhancing monitoring and detection systems

8.2 Training and Awareness

Regular training sessions will be conducted to educate employees on data security practices and breach prevention.

8.3 Policy Review and Updates

This policy will be reviewed annually or after any major data breach event to ensure its effectiveness and compliance with evolving data protection regulations.

9. Compliance and Enforcement

Failure to comply with this policy may result in disciplinary action, legal consequences, or termination of employment/contract. All employees and third parties must adhere to the procedures outlined in this policy to protect ctechdigital.com’s data integrity and reputation.

This Data Breach Policy ensures that ctechdigital.com is prepared to handle data breaches effectively, minimizing risks and ensuring compliance with legal and regulatory requirements.