Data Breach Response Plan
Effective Date: 7 May 2025 | Version: 1.0
Reviewed By: Information Officer, Kliksend (Pty) Ltd
Regulatory Reference: Protection of Personal Information Act, 4 of 2013 ("POPIA") – Sections 19–22
1. Purpose
This Data Breach Response Plan sets out the procedures Kliksend will follow in the event of an actual or suspected data breach involving personal information processed or stored by the company. The plan ensures compliance with POPIA and aims to mitigate harm to data subjects and Kliksend.
2. Definition of a Data Breach
2.1 A data breach includes:
- Unauthorized access to or disclosure of personal information
- Loss or theft of personal information
- Accidental or unlawful destruction of personal information
- Compromise of data confidentiality, integrity, or availability
Examples include:
- Hacking, malware, or ransomware attack
- Lost/stolen devices or drives containing user data
- Misdelivery of personal information
- System or human error exposing user data
3. Breach Detection and Identification
Kliksend’s IT and Security team is responsible for monitoring systems for potential threats and anomalies using:
- Intrusion detection systems (IDS)
- Access logs and audit trails
- Endpoint protection and malware scanners
- Reports from users, staff, or third parties
4. Immediate Containment and Mitigation
Once a breach is suspected or confirmed, Kliksend will:
- Isolate affected systems to prevent further data leakage
- Suspend compromised accounts or services (if applicable)
- Secure backups to preserve data integrity
- Prevent recurrence through temporary security patches or access restrictions
5. Investigation
The Information Officer will appoint a breach response team (including IT, Legal, and Compliance) to:
- Determine the nature, scope, and cause of the breach
- Identify affected data and number of impacted data subjects
- Assess whether sensitive or special personal information was involved
- Document the timeline of the breach and corrective actions taken
6. Notification Procedures
6.1 Kliksend will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects, providing:
  - A description of the breach
  - The nature of the information compromised
  - Measures taken or planned to address the breach
  - Recommendations for data subjects to mitigate harm
  - Contact details for further assistance (e.g., the Information Officer)
6.2 Notification Method: Email, SMS, phone call, or public notice, depending on available contact information and circumstances.
7. Documentation and Record-Keeping
Kliksend will maintain a Data Breach Register containing:
- Date and time of breach discovery
- Summary of the incident
- Steps taken for mitigation and resolution
- Copies of all notifications sent
- Regulatory submissions and correspondence
This is required for audit, compliance, and continuous improvement purposes.
8. Post-Breach Review
After resolution, Kliksend will conduct a review to:
- Identify root causes and policy weaknesses
- Implement corrective actions (technical, procedural, or training)
- Update security protocols, response procedures, and documentation
- Report lessons learned to management and relevant teams
9. Training and Awareness
Kliksend commits to:
- Annual employee training on breach prevention and reporting
- Running breach response simulations (tabletop exercises)
- Updating staff on emerging threats and compliance requirements
10. Roles and Responsibilities
| Role | Responsibility |
|---|---|
| Information Officer | Overall breach coordination, regulator notification, and policy enforcement |
| IT and Security Team | Incident detection, containment, forensics, and remediation |
| Legal & Compliance | Legal risk assessment, data subject notification review, and POPIA compliance |
| Support & Communication | Assisting affected users and handling media or stakeholder queries |
Contact Details
Information Officer: isaac@kliksend.co.za
Security Team: security@kliksend.co.za
Information Regulator: inforeg@justice.gov.za