Chapter Privacy Policy

Springfield – ISACA Privacy Policy

July 29, 2011


Scope

This policy outlines the policies of the Springfield ISACA Chapter (the “Chapter”) with respect to the treatment of the personally identifiable information (PII) (as described below) of the following individuals:

     o Current and past website users and individuals who purchase materials;

     o Members (both current and past);
     o Event attendees, speakers, sponsors, survey respondents, and other participants in Chapter programs; and

     o Non-member volunteers who participate on Chapter projects and/or volunteer groups.

This policy does not describe Chapter policies with respect to personally identifiable information of employees, consultants, contractors, vendors, licensees, sponsors, or advertisers.

This policy applies to handling of personally identifiable information stored in all forms (whether on paper, electronically – including on computer hard drives, CD ROMs, removable flash drives – or otherwise) by the Chapter. It does not describe the treatment of information by legally independent entities that may work with the Chapter, including ISACA International.

This policy is for internal use by Chapter volunteers, employees and by others (such as contractors, vendors, committee members, and the like) who have access in the course of their duties for the Chapter to PII (as defined below) maintained by or on behalf of the Chapter.

Responsibility and Accountability

The Chapter’s Website Committee Director is responsible for maintaining the Chapter’s privacy program.

Notice

From time to time, the Chapter may need to update or modify this Privacy Policy. The Chapter’s notice program includes the following elements:

     o When feasible (and/or legally required) the Chapter provides notice to individuals before their personally identifiable information is collected.

     o The Chapter provides notice and obtains consent (as legally required) before information it maintains is used for a purpose that is either unrelated to the purpose for which the information was originally provided, or that is for a purpose that was not disclosed in the original notice to the individual.

     o The Chapter provides external notice about its privacy practices on its website. The notice describes how personally identifiable information is collected, used, stored, shared, and secured.

     o The Chapter also provides notice in situations other than traditional online or offline information collection, such as when people are taking surveys or attending meetings, and instructs its employees about when notice must be provided.

     o This Privacy Policy is used to inform Chapter personnel (and others, such as volunteers, contractors, etc., who will access personally identifiable information maintained by the Chapter and who have a responsibility to adhere to this policy) about the Chapter’s responsibilities with respect to use of personally identifiable information.

Collection

Personally identifiable information (PII) is defined to include any information that could be used to directly or indirectly identify an individual, such as name, email or home address, phone number, as well as information that is maintained in connection with individually identifiable information, like credit card or bank account, demographic information, and the like. The Chapter currently collects and maintains limited personally identifiable information, including:

  •   information as contained in the chapter membership list (names, email addresses, phone numbers, addresses, certifications, etc.)

  •   member-completed surveys
    Note: Completing a membership application included agreement to:

    Your contact information will be used to fulfill your request to become an ISACA member, and may also be used by ISACA to send you information about related ISACA goods and services, and other information in which we believe you may be interested. As an ISACA member, we will be sure to keep you up-to-date on the latest products and services that are available to our community.

    By applying for membership, you confirm the information provided on this form is complete and accurate, and you authorize ISACA to contact you at the address and numbers you have provided, including to provide you with marketing and promotional communications. You further represent that the information you provided is yours and is accurate. To learn more about how we use the information you have provided on this form, please read our Privacy Policy, available at www.isaca.org. Should you elect to attend one of our events or purchase other ISACA programs or services, information you submit may also be used as described to you at that time.

The Chapter uses fair and lawful means to collect information, collects information using methods that have been reviewed and approved by the chapter designee responsible for the Chapter privacy program, and analyzes third-party sources of personally identifiable information to determine if those third parties are reliable data providers.

Choice and Consent

To the extent feasible – keeping in mind the Chapter’s legal obligations, business goals and resources – the Chapter gives individuals a choice about how their information will be used. This choice includes, for example, seeking consent and/or providing clear notice about use of personally identifiable information.

The Chapter informs individuals what choices they have about how information will be used, stored, or shared with third parties. The following are some representative examples of the types of situations when the Chapter gives individuals choice or seeks consent:

  •   posting name in newsletters for certifications awarded

  •   new member welcome

  •   chapter or national events.

Sharing

The Chapter shares personally identifiable information with third parties only for legitimate business purposes and as permitted by applicable law, rules and regulations. Instances when the Chapter may share information include:

     o To vendors or third parties to deliver or provide goods and services, including, for example, exam testing agencies and training providers and partners, product-fulfillment companies, or third-party event hosts;

     o To the IT Governance Institute, ISACA Headquarters, and from time to time volunteers (such as ISACA board members) performing tasks on the Chapter’s behalf;

     o To those who wish to determine if an individual is certified provided that the requester of the information provides to the Chapter the certification number and last name of the individual;

     o To investigate potentially fraudulent or questionable activities;

     o In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of the Chapter’s business or operations; and

     o When the Chapter believes it is necessary to cooperate with law enforcement or in response to a government request.

When sharing information, the Chapter limits the amount and type of information shared to that which the other party needs or that is relevant to the other party.

If the Chapter shares personally identifiable information with a vendor or other third party providing services on the Chapter’s behalf, the Chapter requires that the third party use the data as directed by the Chapter and that it maintain the confidentiality and security of the data.

The Chapter will take appropriate remedial actions if it becomes aware of any situation in which a third party misuses personally identifiable information.

Access

Those who wish to access their information or have their information updated are directed to contact the Chapter by email, regular mail, or phone. Such requests will be answered and addressed under the direction and supervision of the chapter designee responsible for the Chapter privacy program (the Website Committee Director as stated above).

Completeness and Accuracy

The Chapter relies on individuals to provide it with complete and accurate personally identifiable information and in certain circumstances may require individuals to represent and warrant that the details they have provided are their own and are complete and accurate.

Retention and Disposal

The Chapter’s current policy is to retain information for so long as it is needed by the business. Since most information is in continuous use, much is retained on an indefinite basis.

When the Chapter finds that it has extensive information it is not using, it will determine appropriate means to dispose of personally identifiable information in a secure manner in keeping with its legal obligations.