You are probably already familiar with security-related incidents such as phishing, malware, and hacking. These terms all relate to security breaches that can be devastating to an organization’s Information Technology systems.
A privacy incident is different than a security-related incident. A privacy incident is an attempted or successful unauthorized access, disclosure, or misuse of Personal Information. Personal Information relates to an identified or identifiable person and includes things like names, email addresses, Social Security numbers, and account numbers.
Privacy incidents and security incidents often happen together. But, privacy incidents may happen in the absence of a security incident and include:
- Sending a communication to a customer containing the personal information of a different customer.
- Sending an email containing personal information to someone in the Company named Sam, but accidentally emailing your mom named Samantha.
- Double stuffing an envelope with information relating to multiple customers.
What do I do if I observe a privacy incident?
We all play an important role in helping Republic keep data secure. You should report any privacy incident that you observe or become aware of as quickly as possible, even if you’re not sure. For example, if a customer informs you that they received an email containing Personal Information relating to a different individual, it is important you notify the Privacy Team of this occurrence, even if you’re unsure this situation would be a privacy incident.
How can I contact the privacy team?
You can reach the privacy team at firstname.lastname@example.org