# Personal data breach policy

This document describes the procedure which we will follow in the event of a breach of personal information. It has been prepared with reference to current best practice guidelines and in consultation with our technical and legal teams.

# Procedure during a breach

  1. Notify the regulator as per the POPI Act
  2. Notify all clients of an ongoing investigation
  3. Suspend all incoming services until the results of an internal investigation have been completed
  4. Conduct the internal investigation and produce a report of:
    1. List the extent of the breach (which users were impacted at each client)
    2. Determine origin of the breach and counter-measures to prevent any future access to personal data
    3. Implement counter-measures
    4. Resume service
    5. Disseminate client-specific reports to each affected client[1] by email
  5. We will post a message on our blog with a summary of the incident

# Notify us

In addition, should any parties wish to bring any information to our attention regarding a breach or suspected breach of our data, they can contact us via our support channel.

[1] Note: in most cases it will not be possible to notify affected users directly, as Spike does not have direct contact details for these users. Spike will rely on the client (as responsible party) to communicate this information to affected users on our behalf.

Updated: 7/21/2021, 9:29:43 AM