What is Converge’s notification process, and the duration of the notification process regarding third-party confidentiality breaches?
Converge have a Security Incident Response Overview that contains a section on Incident Communication.
Converge Management maintains that open communication should occur throughout the entire process, and incident management should occur in accordance with relevant legislation, standards, and policies.
In cases where a security incident results in a compromise of client, personal information, or information provided by government entities, Converge will inform other parties or regulators as required by local law and contractual obligations. Incidents where information has been compromised are assessed by Converge’s Legal Counsel, and any notification of external parties or bodies performed in coordination with the Legal Counsel and Client Team.
Converge International has a formal Data Breach escalation process, which operates for identified breaches (human error and systems breach)
The escalation process involves identified data breaches being communicated to Converge International’s Chief Privacy Officer and Privacy Representative within 24 hours of the breach becoming known.
Depending on the nature of the breach and the inherent risk of harm to the Customer, Client or Consultant impacted, the Chief Privacy Officer (CFO) will review the details of the breach with key senior executives including Chief Executive Officer, Chief Data Officer, Chief Customer Officer, Executive Director People, Culture and Learning and Executive Director People Assist.
If the risk of harm is considered likely, the Chief Privacy Officer with make a Notifiable Data Breach submission to the OAIC (or relevant State / Territory authority).
Converge International commits to notifying the impacted individual or impacted client of the data breach within required timeframes (generally within 24-48 hours) of becoming aware of the data breach.
Converge Management maintains that open communication should occur throughout the entire process, and incident management should occur in accordance with relevant legislation, standards, and policies.
In cases where a security incident results in a compromise of client, personal information, or information provided by government entities, Converge will inform other parties or regulators as required by local law and contractual obligations. Incidents where information has been compromised are assessed by Converge’s Legal Counsel, and any notification of external parties or bodies performed in coordination with the Legal Counsel and Client Team.
Converge International has a formal Data Breach escalation process, which operates for identified breaches (human error and systems breach)
The escalation process involves identified data breaches being communicated to Converge International’s Chief Privacy Officer and Privacy Representative within 24 hours of the breach becoming known.
Depending on the nature of the breach and the inherent risk of harm to the Customer, Client or Consultant impacted, the Chief Privacy Officer (CFO) will review the details of the breach with key senior executives including Chief Executive Officer, Chief Data Officer, Chief Customer Officer, Executive Director People, Culture and Learning and Executive Director People Assist.
If the risk of harm is considered likely, the Chief Privacy Officer with make a Notifiable Data Breach submission to the OAIC (or relevant State / Territory authority).
Converge International commits to notifying the impacted individual or impacted client of the data breach within required timeframes (generally within 24-48 hours) of becoming aware of the data breach.