Introduction
This article explains what to do, and how to report it, when Personally Identifiable Information (PII) is found in a Mendix application. Acting promptly and following this procedure helps protect privacy, comply with data protection regulations, and ensure the secure operation of applications.
Environment
Applications hosted in any deployment type
Instructions/Procedure
If PII is encountered, please follow these steps immediately:
- Stop further access
  - Do not proceed with further access, viewing, or processing of the PII.
- Contact Mendix security team
  - Send an email to security@mendix.com without delay. In the email, provide a concise description of where and how the PII was encountered.
  - Do not include the actual PII in the email. Only describe the context (e.g., "found PII in a log file for Project X," or "encountered PII in a test database").
- Purge local information
  - If any PII was inadvertently downloaded, copied, or stored locally (e.g., on a machine, in a temporary file, or a screenshot), promptly and securely purge this information.
  - Empty the recycle bin/trash.
  - Do not share or distribute the PII further.
- Await guidance
  - The Mendix Security team will respond to the report and provide specific instructions on next steps, which may include further investigation or data handling procedures.
Outcome
The Mendix security team will initiate a prompt investigation into the source and nature of the PII. The Security team will provide guidance on next steps and any necessary remediation actions, ensuring the secure handling and resolution of the PII incident.
Internal information related
Not applicable
Additional information
Mendix documentation: Frequently Asked Questions – Security