Data Breach Notification Policy

In terms of the Protection of Personal Information Act, 4 of 2013

    1. Purpose

    Emergence Growth South Africa (“the Company”) is committed to protecting Personal Information in accordance with POPIA. This Policy sets out the process for identifying, reporting, managing and notifying Personal Information security compromises (“Data Breaches”).

    2. Scope

    This Policy applies to all employees, contractors, and third-party operators processing Personal Information on behalf of the Company.

    3. Definition Of A Data Breach

    A Data Breach means any unauthorised access to, or acquisition, loss, damage, or disclosure of Personal Information.
    Examples include:

    • Loss or theft of devices or records
    • Sending information to incorrect recipients
    • Unauthorised system access or cyber incidents
    • Human error
    • Physical incidents (fire, flood)

    4. Responsibilities

    The Information Officer is responsible for:

    • Managing and overseeing all Data Breaches
    • Notifying the Information Regulator and Data Subjects
    • Maintaining a Data Breach Register

    All employees must:

    • Immediately report any actual or suspected breach
    • Cooperate in investigations

    Operators must notify the Company without delay upon becoming aware of a breach.

    5. Reporting A Breach

    All breaches must be reported immediately to:
    Email: [email protected]
    Employees must not attempt to investigate or notify affected parties themselves.

    6. Breach Management Process

    Upon notification, the Information Officer will:

    • Assess whether a breach has occurred
    • Contain and mitigate the breach
    • Recover or secure affected data
    • Record the breach in the Data Breach Register
    • Conduct a risk assessment

    7. Notification Requirements

    Where required in terms of POPIA, the Company will: Notify the Information Regulator:

    • As soon as reasonably possible after discovery
    • Include details of the breach and mitigation steps

    Notify Data Subjects:

    • Where there is a risk of harm
    • Include description, consequences, and actions taken

    8. Record Keeping

    All breaches must be recorded, including:

    • Nature and cause
    • Impact
    • Actions taken
    • Preventative measures

    9. Prevention

    The Company will:

    • Review security controls regularly
    • Provide staff training
    • Conduct risk assessments
    • Improve systems and processes

    10. Disciplinary Action

    Failure to comply with this Policy may result in disciplinary action.

     

     

    11. Contact Details

    Email: [email protected]

    Updates to this Policy

    The Company reserves the right to amend this Policy at any time to ensure ongoing compliance with applicable legislation and best practices.

     

    Updated March 2026

    Ready to transform insights into action?
    Contact Emergence Human Capital to design, deploy, and drive meaningful change through intelligent employee engagement surveys.

    Office: +27 11 026 3442

    eMail: [email protected]

    https://emergencegrowth.com/hr-reward-services/hr-surveys-data-insights/