In the event Employers Assistance discovers a potential or proven data breach of its online data systems, the following protocol will be followed:

• Any affected online systems and services which are proven to be vulnerable or potentially expose risk of data breaches will be manually taken offline until the source of the compromise is established to be ceased or no longer presents a threat.
• Any and all potential customers affected affected by a data breach will be contacted electronically in the first instance to alert them, outline the issue and explain the extent to which their data may be affected.
• As per the Privacy Act 2020, notification of breaches to the Office of the Privacy Commissioner will be discussed with all affected clients as to the ramifications, nature and severity of any breaches.
• All affected systems will remain offline until Employers Assistance Ltd is satisfied it is safe to re-activate them.

Employers Assistance will undertake a thorough investigation of systems involved to ascertain all required fixes to remedy and protect data integrity from future occurrences. This may include the engagement of 3rd party specialist companies. In this case any affected customers will be advised which parties have been engaged to undertake such work.

All user data on our Employers Toolbox HRIS is stored in Microsoft Azure cloud. For more information on Microsoft's data breach policy please see: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-breach-azure-dynamics-windows

Further enquiries on this should be directed to itadmin@employers.co.nz