NoodleTools, Inc. Breach Response Plan
Last updated: July 28, 2020
In the event that Student Data is accessed or obtained by an unauthorized individual, NoodleTools, Inc. (“Provider”) shall provide notification to the school or district (“Subscriber”) within forty-eight (48) hours. Provider shall email a Notice of Data Breach (“Notice”) to account contacts on record that details what happened, what Student Data was involved, and what is being done to resolve the issue. Subscriber will be given Provider email and phone contact information to obtain more information.
The Notice will specifically include:
- A description of the breach in plain language.
- Specific Student Data that NoodleTools believes to have been compromised.
- Estimated date or date range the breach occurred.
- A description of what NoodleTools has done to protect against further data breach.
- Advice to individuals whose information has been breached.
- NoodleTools contact information to obtain further details.
Provider agrees to adhere to all requirements in applicable State and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
Provider maintains and keeps updated a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information.