“Data” refers to personal information collected by or provided to EFry SK as it relates to its clients, staff, volunteers, donors, and members.
“Personal information” is any information that can be used to distinguish, identify or contact a specific individual.
1. All data collected by or provided to EFry SK becomes the property of EFry SK, unless otherwise provided for by agreement.
2. The Executive Director will be responsible for the collection, management and security of all data belonging to EFry SK and shall be referred to as the Chief Privacy Officer for the purpose of this Policy.
3. EFry SK will seek verbal or written consent before collecting and using data. Individuals have the right to withdraw their consent.
4. All data will be safely and securely stored to prevent accidental or unintended disclosure of EFry SK data in the event of theft or loss.
5. Data in the form of a hard copy will be stored in a locked filing cabinet at the EFry SK office. Data stored electronically on laptop computers, cloud computing, or portable storage devices, including USB memory sticks, will be password protected and encrypted.
6. All data shall be stored for a period of seven years after the data is collected, unless otherwise provided for by agreement. The Executive Director will determine the method of destruction of the data.
7. There will be no unauthorized access to the data. Data will not be copied or distributed externally, unless otherwise provided for by agreement.
8. Data will only be shared with authorized active staff according to the guidelines set out in the EFry SK Human Resources manual, including the Confidentiality Policy. Staff and volunteers will be provided with a copy of this policy and will be expected to undergo regular training on data management and protection.
9. All staff or volunteers shall return any data or logins to EFry SK at the end of employment.
10. When data is collected for the purposes of an agreement with an external party, the sharing of the data will be subject to a written data sharing agreement.
11. All parties that EFry SK shares data with will indemnify EFry SK for any legal liability arising out of the release of such information due to fault or negligence of the party.
12. Data will be used only for the purpose it was obtained, or EFry SK operational purposes.
13. Data will be not be disclosed unless EFry SK has obtained prior consent.
14. Any intentional or unintentional unauthorized access, sharing, or misuse of data shall be immediately reported to the EFry SK Executive Director. Any report of breach of this policy will be addressed by appropriate disciplinary or remedial action, up to and including termination.
15. The Chief Privacy Officer shall develop, maintain and follow a disaster recovery and incident response plan for any breaches of data.