Security & Incident Response

Data Breach & Incident Response Protocol

Our commitment to rapid response and transparency in the event of a security incident

72-Hour Breach Notification Commitment
GDPR Article 33 & 34 Compliance

CourseCompass commits to the following response timeline:

1

Within 72 hours of discovery:

Notify the Data Protection Commission (Ireland) of any confirmed personal data breach

2

Without undue delay:

Inform affected schools, students, and parents/guardians directly via email

3

Immediate containment:

Take all necessary measures to contain and mitigate the breach

What Constitutes a Data Breach?

Under GDPR, a personal data breach means a breach of security leading to:

🔓 Unauthorized Access

Any unauthorized person gains access to student data, assessment results, or personal information

🗑️ Accidental Deletion or Loss

Personal data is accidentally or maliciously destroyed or lost

📤 Unauthorized Disclosure

Data is shared with or disclosed to unauthorized recipients

✏️ Unauthorized Alteration

Personal data is modified without authorization

Our Incident Response Process

Phase 1: Detection & Assessment (0-24 hours)

  • Continuous monitoring systems detect unusual activity
  • Security team investigates and confirms incident
  • Assess scope, severity, and potential impact on data subjects
  • Document all findings and maintain incident log

Phase 2: Containment & Mitigation (24-48 hours)

  • Immediately isolate affected systems
  • Reset credentials and revoke unauthorized access
  • Implement emergency security patches
  • Preserve evidence for investigation

Phase 3: Notification (Within 72 hours)

  • Notify Data Protection Commission (Ireland)
  • Contact affected schools via designated contacts
  • Email all affected users with clear explanation and guidance
  • Post public incident notice on website (if high-risk)

Phase 4: Recovery & Prevention (Ongoing)

  • Conduct full forensic analysis
  • Implement corrective measures and security enhancements
  • Update incident response procedures based on lessons learned
  • Provide follow-up communications to affected parties
What You'll Receive in a Breach Notification

If you're affected by a data breach, we will send you clear, plain-language communication including:

📋 Nature of the Breach

What happened, when it was discovered, and what data was affected

⚠️ Potential Consequences

What risks you may face as a result of the breach

🛡️ Measures Taken

What we've done to address the breach and prevent recurrence

✅ Recommended Actions

Steps you should take to protect yourself (e.g., password changes)

📞 Contact Information

How to reach our Data Protection Officer for questions and support

Report a Security Concern
If you suspect a security incident or data breach

🚨 Security Incident Reporting

If you believe you've discovered a security vulnerability or experienced unauthorized access to your account, please contact us immediately:

Email (Urgent):

info@coursecompass.ie

General Data Protection:

info@coursecompass.ie

All reports are treated with strict confidentiality and investigated immediately.