PROCESS APPLIES TO
Follow this process when a privacy or security incident occurs.
Information Security Incident: An event that affects P&G information and/or systems and violates the law and/or Company policy/standards. These events may transpire within P&G systems or properties or within its designated third party vendor systems or properties that manage P&G data and/or systems (e.g., the P&G shareholder database). An Information Security Incident has or could compromise the confidentiality, integrity and/or availability of P&G information or operations and may be caused by P&G personnel and/or third party actors through intentional or unintentional means.
Privacy Incident: a type of Information Security Incident caused by any actual or probable unauthorized access to Personally Data, such as:
- Internal exposure of Personal Data to the wrong individuals.
- External exposure of Personal Data to the wrong individuals or to the public.
- Data corruption that merges individuals’ Personal Data.
- Loss of hardware — computers, thumb drives, CDs, etc.
- Unauthorized access to Personal Data - hacking/theft/abuse.
WHAT TO DO WHEN YOU BECOME AWARE OF AN INFORMATION SECURITY OR PRIVACY INCIDENT
Immediately inform the P&G incident experts by emailing incident details to firstname.lastname@example.org . Include the following information, if available:
- Cause of incident or potential disclosure and if the cause has been contained or remediated
- Types of data involved (e.g., names, credit card numbers, government IDs, sensitive business information)
- Location of impacted people and number of data records (if personal data involved)
- Potential impact to Company systems and data
INCIDENT MANAGEMENT PROCESS
After you inform email@example.com, a team of Company experts will investigate and respond to the potential incident.