Mavely has implemented the following procedures to follow in the event of a data breach involving personally identifying information (PII) or other confidential information maintained on personal computers, agency networks, or internet programs used by staff and volunteers.  

The following staff have key responsibility for implementing and executing the data breach procedures:

• SEAN OBRIEN – SEAN@MAVELY.LIFE
• ADRIAN CARBALLO – ADRIAN@MAVELY.LIFE

In an effort to prevent a breach of data and PII, Mavely has implemented the following measures to prevent the breach of data:

• LIMITED SCOPE AND RETENTION OF PII DATA:
  1. https://mavely.freshdesk.com/support/solutions/articles/48001219830-personal-information-scope-and-policy
• INSTALLED AND INTEGRATED ANTI-VIRUS, INTRUSION NOTIFICATION SOFTWARE, AND ALERT MONITORING
• INSTITUTED PROPER ENCRYPTION METHODS ON ALL DATA SOURCES
• CONNECT WITH LOCAL LAW ENFORCEMENT SUPPORT TO LOCATE AND APPREHEND PERPEETRATORS.  

Mavely has identified the following items as critical systems and files that will be uploaded to a back-up system on DAILY basis:

• USER, REPORTS, AFFILIATE LINK EVENTS TABLES

In the event of a data breach or imminent breach of PII data, in order to contain the data breach and minimize the extent of the intrusion:

• Disconnect the affected and related systems or networks from Internet access.
• Contact (1^st/ 2^nd RESPONDER) to notify them of the data breach or imminent breach of PII data.
• Document date and time the breach occurred, what files the user was accessing at the time of the breach, the breach team member contacted, and actions taken to secure data.
• Contact technical support to detect and remove the malware or other information related to the breach.
• Notify the VOCA Administrator at GCC within 24 hours of the breach occurrence or detection of breach/recognition of imminent breach.
• Review virus/malware/other protective software to review system vulnerabilities and increase the level of protection for the system.
• If possible, reimage the system and restore from backup files.

Following the incident, Mavely staff will review procedures to determine if any actions by the user or the team contributed to the data breach.  Staff will be updated on policies to protect against data breaches or imminent breaches of PII data. 

A computer technician will review software, updates, and software/data protection programs to improve the security of the data and operating system to prevent further incidents. Information related to the data breach will be documented on the incident log, repairs or modifications implemented will be included on the log and kept in a secure location.  

If necessary, the management team will review procedures and make necessary changes to the procedures to improve the security of PII and other secure information.