Company supervisors are required to establish and maintain legal, administrative, technical and physical safeguards for the protection of confidential information and records containing such information, including requirements for the proper and secure transfer (including between Company entities) and disposal of media containing such information and requirements to notify affected parties and regulators of certain security breaches involving confidential information.

This policy sets out the escalation procedures to follow in the event of a breach of confidential information within Company and requirements regarding the protection of confidential information with third party service providers.