The ODPC received a full client company list from Loyaltybuild in respect of those client companies whose customer data was exposed during the data breach. The ODPC immediately instructed Loyaltybuild to notify these client companies of the breach of their customer’s data and received confirmation from Loyaltybuild that this has taken place.
The ODPC also made contact with the client companies of Loyaltybuild based in this jurisdiction and instructed them to inform their customers of the breach of their data in accordance with our data security breach code of practice. The focus of our investigation to date has been uncovering the extent and nature of the personal data involved in the breach and ensuring that affected individuals have been duly notified. It is our understanding that this notification process is nearing completion.
Given the transborder nature of this data breach, the ODPC has taken the important measure of notifying relevant European colleague data protection authorities providing them with relevant information for any follow up action they may need to take.
The ODPC investigation is continuing with the focus now on security practices and procedures employed by the company. Part of this phase of the investigation will also involve the carrying out of a follow up inspection. The company has ceased its processing of personal data until such time as it can satisfy this Office that adequate security measures are in place.