🚨  Learn more about our Exciting New Program – Online Direct   🚨

Privacy Policies
Coordinator Panel
Access Artwork
Search
Main Menu
Get Started
Mobile header:
original works logo
Main Menu
Data Breach Policy

Data Breach Policy

Updated: May 2026

The Company takes the security of your information seriously. In the event of a data breach involving personal data, we will promptly investigate and take appropriate steps to mitigate the impact. Affected individuals and institutions will be notified in accordance with applicable state and federal laws. Notification timeframe will not exceed 15 days after the event is detected. We maintain technical and organizational safeguards to help prevent unauthorized access, disclosure, or misuse of personal information. 

The Company implements a range of administrative, technical, and physical safeguards to protect personal information, including: 

  • Encryption of data in transit and at rest
  • Secure access controls to restrict information to authorized personnel only 
  • Routine system monitoring for unauthorized activity 
  • Firewall and intrusion detection systems 
  • Regular employee training on data protection, privacy practices, and PCI compliance 
  • Data minimization practices to limit the collection of personal information 

In the event of a breach, we follow documented incident response protocols to contain, assess, and notify affected parties in accordance with legal requirements. 

Incident Response Checklist 

  1. Identify & Contain
    1. Detect breach (automated alert, employee report, etc.) 
    2. Immediately isolate affected systems
    3. Preserve logs and evidence 
  2. Assess the Scope 
    1. Determine what data was exposed (type, volume, PII) 
    2. Identify affected individuals or school partners 
    3. Assess risks (identity theft, reputational, regulatory) 
  3. Notify Stakeholders 
    1. Alert internal leadership and legal counsel 
    2. Notify affected schools, parents, or users 
    3. Report to authorities if legally required (e.g., state AG, FTC) 
  4. Remediate 
    1. Patch vulnerabilities 
    2. Reset compromised credentials 
    3. Review third-party access 
  5. Communicate Transparently 
    1. Draft and send notifications with clear guidance to affected parties 
    2. Post incident FAQs if applicable 
  6. Document & Improve 
    1. Complete a breach report and root cause analysis 
    2. Update policies or training based on findings 
    3. Conduct a postmortem with the team 
Ready to learn more?

Request more information and get started today!

REQUEST INFO