Create Data Breach Notification FAQ
Briefly describe the update
Background
Before the redesign of the Trust Center a couple years ago, we had a data breach notification policy. From the time of its removal, I am not aware of any discussion on why this should be removed, nor of any attempts to replace it.
@a.conrad brought this up in Slack (internal), as a customer was asking about such a policy in a Support ticket (internal).
Justification
Some equivalent information from the old policy can be found by digging into our GDPR compliance page and our Security Incident Response Guide. However, we no longer have a policy (as opposed to a procedure, as defined in the Controlled Documents page's Definitions by Hierarchy section) on data breach notifications.
Lacking this policy, it is harder for customers to:
- Find any of this information
- Understand what to expect regarding communication
- Understand what we define as a data breach
@jlongo_gitlab and @heather suggested that an FAQ that aggregates information about data breaches would be the preferable path as (re)introducing a controlled document would require review of all controlled documents to ensure there aren't any contradictions.
This issue is to track the work of creating that page.
Previous discussion in !109357 (closed)