The Alumnly Data Breach Policy outlines the procedures and responsibilities for identifying, responding to, and mitigating the effects of data breaches. This policy ensures that data breaches are handled in a timely and efficient manner to minimise harm and comply with regulatory requirements.
1. Data Breach Identification
1.1. Reporting a Data Breach
- Alumnly users, employees and contractors must report suspected security or data breaches immediately to Alumnly via email or phone. Contact details can be found here.
- Reports should include details of the suspected breach, including the nature of the data involved and the circumstances of the breach.
1.2. Initial Assessment
- Alumnly conducts an initial assessment to determine whether a data breach has occurred.
- If a data breach is confirmed, Alumnly initiates the data breach response process.
2. Data Breach Response
2.1. Containment and Mitigation
- Alumnly takes immediate steps to contain the breach and prevent further unauthorised access or disclosure of data.
- Measures may include isolating affected systems, revoking access permissions and rotating compromised credentials, and applying patches or updates, while preserving logs and other evidence needed for the impact assessment and root cause analysis.
2.2. Impact Assessment
- Alumnly assesses the impact of the data breach, including the type and amount of data involved, the number of affected data subjects, and the potential harm to individuals.
- The assessment also considers the likelihood of data misuse and the potential for further breaches.
2.3. Notification
- Alumnly notifies the relevant regulatory authorities within the timeframe required by applicable data protection law.
- If the breach poses a high risk to individuals, Alumnly communicates with affected data subjects promptly, providing clear and specific information about the breach and any steps they should take to protect themselves.
2.4. Documentation
- Alumnly documents all actions taken in response to the data breach, including the initial report, containment and mitigation measures, impact assessment, notifications, and follow-up actions.
3. Post-Breach Review
3.1. Root Cause Analysis
- Alumnly conducts a root cause analysis to identify the underlying causes of the data breach.
- The analysis helps to identify any weaknesses in security controls or processes that contributed to the breach.
3.2. Remediation
- Alumnly implements measures to address the root causes of the data breach and prevent future occurrences.
- Remediation actions may include updating security policies and procedures, enhancing technical controls, and providing additional training to employees.
3.3. Review and Improvement
- Alumnly reviews the effectiveness of the data breach response process and identifies areas for improvement.
- Lessons learned from the data breach are incorporated into Alumnly's data protection strategy and policies.
4. Training and Awareness
- Regular training is provided to employees and contractors on data protection and data breach response procedures.
- Awareness campaigns are conducted to ensure that all staff understand their responsibilities in reporting and responding to data breaches.
5. Compliance and Monitoring
- Alumnly monitors compliance with this policy and conducts regular audits to ensure that data protection practices are followed.