Every year, we talk about keeping your information private. What about your customers’ information? No matter how you define customers (e.g., students, employees, donors), you and your organization collect their information, and it is up to you to respect and keep their information private.
Always start with privacy.
- Include privacy in the planning phase of all new projects.
- If you don’t need personal information, don’t collect it.
- Inform your customers about why you’re collecting their personal information.
Keep and use data securely.
- Keep personal information confidential and limit access to the data.
- Only transmit or share the minimum amount of information necessary.
- Make sure you’re only using the data the way you said you’d use it.
- Destroy or de-identify private information when you no longer need it.
- Be diligent about not holding on to private information stored in old emails.
- Know your data breach response plan.
- The Computer Security Incident Management Policy (IT 16.1a) requires that, as soon as anyone becomes aware that a compromise or disclosure of sensitive data might have occurred, they must immediately notify the Office of the Chief Information Officer and their available department manager. The CIO will assess the situation and, if appropriate, will call a meeting of the Computer Security Incident Response Team.
- These general privacy principles are important, but privacy laws do vary by state and country.
“Privacy is like oxygen: It’s invisible and easy to ignore…until it’s taken away.” -unknown