Legally Required
Data Breach Response Plan
This plan outlines the steps The Visa Agent will take in the event of a security compromise, as required by POPIA Section 22.
Step 1 — Identify and contain the breach
- Immediately notify Natalie — the designated Information Officer
- Isolate affected systems to prevent further unauthorised access
- Preserve all evidence — do not delete or alter any logs or files
- Document the date, time and nature of the breach
Step 2 — Assess the risk
- Determine the nature and extent of the personal information compromised
- Assess the likelihood of harm to affected data subjects
- Identify whether special personal information is involved (health, biometric, financial)
Step 3 — Notify the Information Regulator
Information Regulator of South Africa
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za
Step 4 — Notify affected data subjects
- Notify all affected data subjects as soon as reasonably possible
- Include a description of the breach and measures being taken
- Provide contact details: natalie@thevisaagent.co.za
Step 5 — Remediate and review
- Fix the vulnerability that caused the breach
- Document all actions taken throughout the incident
- Review and update security measures to prevent future breaches