ManagedMethods Data Breach Protocol

In the event of a data breach, ManagedMethods will adhere to the applicable state data breach regulations of the impacted user(s).

Definition

A breach is any unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the personal information that we maintain.

Personal Information

Unencrypted information containing: individuals’ names or initials, social security numbers, driver’s license number or other identification numbers, financial information (i.e., bank account number, credit or debit card number), medical information, health insurance information, and other personal identifiers that we might have detected as sensitive data.

Time Frame

In the event of a data breach, the goal is to provide notice to affected parties as soon as reasonably possible.

Recipients of the Notice

We will notify both the impacted users and any known schools to which those users belong via contact information on record.

Information in the Notice

• Company contact information
• A general description of the breach incident
• An explanation, to the best of our knowledge, of what happened
• A listing of the types of personal information that is believed to be compromised
• If known, the date and time of the breach, or a best estimate
• Whether the notification was delayed as a result of law enforcement
• What steps the company has taken to mitigate the situation, prevent it from happening again, and advice to the impacted individuals on how they can best protect themselves

Method of Notification

Notifications will be sent via email to all impacted users. Written notice may be sent to the impacted schools in addition to email. Depending on where the impacted user lives, they may have a legal right to receive notice of a security breach in writing.