Data Breach Policy



Effective Date: 26/09/2024


1. Identification

We are committed to protecting personal data and ensuring the security of all information under our control. In the event of a data breach, we will identify and assess the breach promptly. A data breach includes unauthorized access to, disclosure of, or loss of personal data. Upon identifying the breach, we will begin an immediate assessment to determine the severity, scope, and potential impact on affected individuals.


2. Response and Notification

Upon discovering a data breach, we will assess the scope and impact of the breach. If it is determined that there is a risk of harm to affected individuals, we will notify those individuals and the relevant regulatory authorities (such as the New Zealand Office of the Privacy Commissioner) as required under the New Zealand Privacy Act 2020.

  • Affected users will be informed within 72 hours of identifying the breach.
  • Notifications will include the nature of the breach, the type of data involved, and recommendations for affected users to mitigate potential risks (such as changing passwords).
  • Regulatory bodies will be notified within 72 hours if required, in accordance with applicable data breach notification laws.

3. Mitigation and Containment

Once a breach has been identified, we will take immediate action to mitigate its effects. This includes:

  • Containing the breach to prevent further unauthorized access or loss of data.
  • Investigating the root cause of the breach and any security vulnerabilities that contributed to the incident.
  • Collaborating with relevant third-party service providers, such as Supabase and Mailgun, to assist in containing and resolving the breach.
  • Implementing short-term and long-term security measures to prevent future breaches, which may include updating security protocols, enforcing stronger encryption methods, or implementing additional user authentication steps.

4. Remediation

After the breach has been contained, we will take steps to remedy the situation. This includes:

  • Conducting a thorough security audit to ensure that vulnerabilities have been addressed.
  • Offering support to affected individuals, such as guidance on protecting their personal information and how to detect potential misuse of their data.
  • Reviewing and updating our data protection policies and security procedures to prevent future breaches.
  • Providing training to our employees and relevant stakeholders to raise awareness of data protection practices and breach prevention.

5. Record Keeping

As required by the Privacy Act 2020, we will maintain detailed records of any data breach incidents, including:

  • The nature and scope of the breach.
  • The affected data and individuals involved.
  • The steps taken to mitigate, remediate, and prevent future occurrences.
  • Notifications made to regulatory authorities and affected individuals.

These records will be kept in compliance with the law and used to improve our data protection strategies.


6. Legal Obligations and Compliance

RocketTags is committed to complying with all applicable data protection laws and regulations, including the New Zealand Privacy Act 2020. In the event of a breach, we will ensure that all legal obligations are met, including:

  • Prompt and transparent communication with affected individuals.
  • Adherence to regulatory reporting requirements.
  • Implementation of appropriate technical and organizational measures to ensure data security moving forward.

7. Contact

If you have any inquiries regarding our Data Breach Policy or how we handle personal data breaches, please contact us at:
support@rockettags.com