COMPLIANCE WITH THE FEDERAL TRADE COMMISSION'S SAFEGUARDS RULE
- Charles Shaw
- 8 years ago
Most dealers are familiar with the requirements of the Gramm-Leach-Bliley Act and the Federal Trade Commission's (FTC) Privacy Rule, which obligate them to create and distribute Privacy Notices to their customers. What they may not know is that the FTC's Standards for Safeguarding Customer Information, more commonly known as the Safeguards Rule, becomes effective on May 23, 2003. The objectives of the Safeguards Rule are to insure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security and integrity of customer information, and protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.

The FTC's Safeguards Rule does not change the dealership's obligations under the FTC's Privacy Rule. The Privacy Rule deals with how financial institutions collect and share information. Motor vehicle dealerships are still required to provide their customers with a Privacy Notice that advises the customer about the types of information the dealership collects, the sources from which the information may be obtained and the dealership's policies with respect to sharing that information. As you may recall, in order to fully comply with the Gramm-Leach-Bliley Act and the FTC's Privacy Rule, motor vehicle dealers were also required to make a statement about their information safeguarding practices in their Privacy Notices. As a result, most dealership Privacy Notices state "we maintain physical, electronic and procedural safeguards to protect the confidentiality and security of the information we collect." Now the Safeguards Rule mandates that dealers have a written document that specifies the steps they have taken to assess the types of risks that exist with respect to the information being obtained by unauthorized individuals and to protect the confidentiality and security of such information.
Like the Privacy Rule, the Safeguards Rule applies only to transactions involving persons who obtain a financial product or service from the dealership primarily for personal, family or household purposes. Although it is a good idea to apply the same privacy policies and information security standards to all of the information collected by the dealership, it is not required for information about companies or individuals who obtain financial products or services for business, commercial or agricultural purposes, unless the dealership's Privacy Notice states otherwise. Personal information typically collected from customers at the dealership includes their names, addresses, telephone numbers, birth dates and social security numbers, information contained in credit applications and credit reports, information dealerships receive from lenders, and even lists of the dealership's finance customers.

The FTC's Safeguards Rule specifically requires every dealer, regardless of the size of his dealership, to develop, implement and maintain a comprehensive written information security plan that describes the dealership's program to protect customer information. It also requires them to ensure that affiliates of the dealership maintain appropriate safeguards and that their service providers are capable of maintaining appropriate safeguards for the customer information the dealership shares. The Dealership's written information security plan must: (1) Designate an employee or employees to coordinate the safeguards; (2) Identify and assess the risks to customer information in each relevant area of the dealership's operation, and evaluate the effectiveness of the current safeguards for controlling these risks; (3) Design and implement a safeguards program, and regularly monitor and test it; (4) Select appropriate service providers and contract with them to implement safeguards; and (5) Evaluate and adjust the program in light of relevant circumstances, including changes in business arrangements or operations, or the results of testing and monitoring of safeguards.
When we filed comments regarding the Safeguards Rule on behalf of NIADA, we requested that the FTC adopt flexible requirements, and the FTC did just that. The dealership's privacy policies and information security standards must be developed taking into consideration the dealership's size and complexity, the nature and scope of its activities, the sensitivity of the information it collects, and these policies and standards must be regularly monitored. When implementing the Safeguards Rule, the dealership must consider all areas of its operation, including three that are particularly important to information security: employee management and training; information systems; and managing system failures. In an effort to help businesses understand and comply with the FTC's Financial Information Safeguards Rule, the FTC issued a new Facts for Business Publication titled Financial Institutions and Customer Data: Complying with the Safeguards Rule.
While compliance with the FTC's Safeguards Rule is just around the corner and, therefore, on the top of everyone's agenda, dealers are well advised to consider other Federal Privacy and Anti-Terrorism Laws that have recently been enacted or are under consideration. For example, on October 26, 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act). Title III of the USA Patriot Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act (BSA) that are intended to promote the prevention, detection, and prosecution of international money laundering and the financing of terrorism. Under the USA Patriot Act, the term "financial institution" is defined to include a business engaged in vehicle sales, including automobile, airplane, and boat sales.

The Treasury Department has already issued a Final Rule implementing Section 314 of the USA Patriot Act, which establishes procedures that encourage information sharing between governmental authorities and financial institutions, and among financial institutions themselves. The first part of the Rule establishes a mechanism for law enforcement agencies to communicate the names of suspected terrorists and money launderers to financial institutions in an effort to locate and secure accounts and transactions involving those suspects. Effective as of September 26, 2002, any motor vehicle dealerships that receive the name of a suspect must designate one person at the dealership to be the contact person regarding the request and any future requests that it receives. They must also establish adequate procedures to protect the security and confidentiality of the requests received from FinCEN and their responses to these requests. The requirement to maintain adequate security and confidentiality procedures to protect the information is met if the dealership applies the same procedures it has established to comply with the Gramm-Leach-Bliley Act and the FTC's Safeguards Rule.
The USA Patriot Act also requires every financial institution to establish an anti-money laundering program. Pursuant to Section 352 of the Act, the anti-money laundering program must include, at a minimum: (1) The development of internal policies, procedures, and controls; (2) The designation of a compliance officer; (3) An ongoing employee-training program; and (4) An independent audit function to test programs. Section 326 of the Act further requires the Treasury to prescribe Regulations setting forth minimum standards for financial institutions to identify customers applying to open accounts, including: (1) Adopting reasonable procedures for verifying the identity of any person seeking to open an account; (2) Maintaining records of the information used to verify the person's identity, including the person's name, address, and other identifying information; and (3) Determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by a Government Agency. Although motor vehicle dealers have been temporarily exempted from the requirement to establish an anti-money laundering compliance program, on February 24, 2003, FinCEN published an Advance Notice of Proposed Rulemaking to solicit public comments as to how these requirements should apply to motor vehicle dealers.

To eliminate the need for NIADA Members to draft new or modified privacy policies and information security standards in the future, we have developed the enclosed materials to assist them in complying not only with the FTC's Safeguards Rule, but also with the USA Patriot Act and emerging implementing regulations that will impact every dealership's policies, practices and overall operations. These materials are being provided to you for distribution to NIADA Members free of charge. We are also providing them to you in electronic format to make it easy for dealers to customize them for their own use.
Enclosed you will find the:
- FTC Guidelines titled Financial Institutions and Customer Data: Complying with the Safeguards Rule, which summarize the purpose for the Safeguards Rule and include suggested policies and procedures for complying with the Rule.
- Program Coordinator's Audit of Dealership Privacy Policies and Information Security Standards Checklist
- Dealership Privacy Policies and Information Security Standards
- Employee Agreement to Comply with Privacy Policies and Information Security Standards
- Statement of Privacy Policies and Information Security Standards
- Addendum to Service Provider Agreements and Letter to Service Providers Regarding Safeguarding Information

Please keep in mind that these materials are designed to assist dealers to identify and implement appropriate policies and standards for protecting customer information. They are intended as a guide for motor vehicle dealers to develop their privacy policies and information security standards. While not intended as a universal solution that every dealership can adopt, since they are drafted from a used motor vehicle dealer's perspective, NIADA Members should find that they are easy to use and customize for their dealerships. It is important that dealers be instructed to familiarize themselves with all of the information contained in the documents provided and include only those privacy policies and information security standards that are feasible for the dealership to implement and maintain. In addition, there may be state specific data protection or safeguards rules with which dealers must comply and, therefore, they may wish to consult with their legal counsel or other professional consultants to ensure that their privacy policies and information security standards are appropriate for the dealership and in compliance with applicable federal and state laws, rules and regulations.

The information contained in this document and the additional materials provided are for general information purposes only and should not be considered as legal advice.
PROGRAM COORDINATOR'S AUDIT OF DEALERSHIP PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS CHECKLIST

Employee Management and Training
- Are current employees, new hirees and independent contractors who perform services on behalf of the Dealership subject to satisfactory reference and, where appropriate, consumer/criminal report investigations?
- Have you developed processes that limit access to customer information and other confidential records to authorized employees?
- Do you have a written document outlining the policies and procedures for handling confidential information?
- Have you considered having employees formally acknowledge their understanding of information security policies and practices?
- What steps has the Dealership taken to train employees on its privacy policies and information security standards?
- Does the Dealership employ password-protection software and encryption programs as appropriate and have employees been advised not to post passwords near their computers or share passwords with any other person?
- Do you have appropriate disciplinary policies?
- When an employee ceases to be employed by the Dealership, do you delete outdated user names and passwords from electronic databases and networks and obtain all keys to the Dealership and file cabinets, desks, and offices in the Dealership from the employee?
- Have you contacted your Dealer Association, Legal Professionals or other consultants to assist you with compliance as necessary?

Obtaining Customer Information and Verifying Customer Identities
- Do your forms request adequate customer information to verify the identity of the Dealership's customers?
- Do employees request to see the customer's driver's license or other form of government-issued identification with a photograph to verify the customer's identity?
- What policies does the Dealership have in place to address situations when customer information is conflicting or cannot be verified?
- Do you have procedures for ensuring that the Dealership does not enter into transactions with individuals or entities that appear on the list of Specially Designated Nationals and Blocked Persons maintained by the Office of Foreign Asset Control (OFAC)?
- Do you have record retention policies for files that contain customer information and identity verification?

Information Systems
- How do you secure records?
- Are records that contain customer information stored where they can be locked when unattended?
- Are file cabinets, desk drawers and offices locked securely?
- Are storage areas secure from unauthorized access and protected against physical hazards like fire or floods?
- What is the process for collecting and filing written records?
- Are your electronic records stored securely?
- Do the passwords you assign contain enough characters and consist of both letters and numbers?
- Is on-screen information protected?
- Do you change passwords periodically and require employees to keep them private?
- How do you transmit and receive sensitive customer information?
- What measures are taken when disposing of customer information?
- Do you shred documents containing customer information and store it in a secure area until an authorized disposal/recycling service picks it up?
- How do you ensure data is eliminated when disposing of computers, disks, hard drives or any other electronic media that contains customer information?
- Is there a need for a designated records retention manager?
- Is it necessary to establish retention periods for written customer files?
- Are employees prohibited from taking customer information out of the Dealership?
- How do you make sure your anti-virus and firewall software is up-to-date?
- Do you have a system for backing up information on computers and/or servers?
- Are employees instructed to log off of all Internet, and other accounts when they are not being used?
- Who is responsible for downloading software or applications to the Dealership's computers?
- Have you taken steps to prevent and prepare for a systems failure?

Selection and Oversight of Service Providers
- Have you established criteria for evaluating, selecting and auditing service providers?
- Does the Dealership have contractual agreements with all of its service providers?
- Are service providers required to agree to be responsible for securing and maintaining the confidentiality of customer information?
- Is the Dealership advised when a security breach occurs and does the Dealership have policies of advising its service providers of security breaches?

Managing System Failures
- Do you have a system for auditing and overseeing the Dealership's privacy policies and information security standards?
- Does the Dealership take immediate corrective action when a security breach occurs?

DEALERSHIP PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS

Our Program Coordinator
We have appointed ______ as the Program Coordinator of our Dealership's Information Security Program. The Program Coordinator will report directly to ______, the ______ of the Dealership. In the event the Program Coordinator ceases to be employed by the Dealership or is unable to perform his/her responsibilities, ______ shall take over the responsibilities of the Program Coordinator until a new permanent Program Coordinator is appointed.

The Program Coordinator's Responsibilities
It is the Program Coordinator's responsibility to design, implement and maintain privacy policies and information safeguard standards as he/she determines to be necessary from time to time. Specific responsibilities that have been delegated to the Program Coordinator include:
- Identifying and assessing the risks to customer information in each relevant area of the Dealership's operation, and evaluating the effectiveness of current safeguards that have been implemented to control these risks.
- Designing and implementing privacy policies and information security standards that are appropriate for the size and complexity of our Dealership and its operations, the nature and scope of our activities and the sensitivity of the customer information we collect, store and share with others.
- Regularly monitoring and testing the privacy policies and information security standards.
- Assisting with the selection of appropriate service providers that are capable of maintaining safeguards to protect the relevant customer information and reviewing service provider contracts to ensure that each contract contains appropriate obligations with respect to the use of customer information and the implementation of safeguards.
- Evaluating and adjusting the Dealership's Privacy Policies and Information Security Standards in light of relevant circumstances, including changes to the Dealership's operations, business relationships, technological developments and/or other matters that may impact the security or integrity of the Dealership's customer information.

Pursuant to the USA Patriot Act and the Rules adopted by the Financial Crimes Enforcement Network (FinCEN), a Bureau under the Department of Treasury, the Program Coordinator will also be the contact person for Law Enforcement Agencies to communicate the names of suspected terrorists and money launderers in an effort to locate and secure accounts and transactions involving those suspects. Upon receiving a request for information from FinCEN, the Program Coordinator will:
- Provide FinCEN with his/her name, title, and appropriate contact information, such as a mailing address, e-mail address, telephone number and facsimile number, and notify FinCEN promptly of any modifications with respect to contact information.
- Ensure that current accounts maintained by the Dealership, any accounts maintained by the Dealership during the past 12 months, and any transactions conducted during the past 6 months that the Dealership is required by law or regulation to record or that the Dealership has recorded and maintained are searched for the names provided by FinCEN.
- If the Dealership has entered into a transaction with an individual or entity on the list, send a Report to FinCEN that contains: (1) The name of the individual, entity or organization; (2) The account numbers or, in the case of transactions, the date and type of each transaction; and (3) The social security number, taxpayer identification number, passport number, date of birth, address, or other personal identifying information provided by the individual or entity at the time of the transaction.

Questions about the scope or terms of a request will be directed to the Law Enforcement Agency that sent the request for information to FinCEN, but the Report will be sent to FinCEN, not the Law Enforcement Agency that requested the search, unless the Program Coordinator is instructed otherwise.

Employee Management and Training
All current employees and new hirees, as well as independent contractors who perform services on behalf of the Dealership, will:
- Be subject to satisfactory reference and consumer/criminal report investigations, where appropriate.
- Only have access to customer information if they have a business reason for seeing it.
- Participate in the Dealership's privacy policies and information security standards training program and attend educational and training seminars on a regular basis.
- Sign and acknowledge his/her agreement to our Dealership's Statement of Privacy Policies and Information Security Standards.
- Be responsible for protecting the confidentiality and security of the customer information our Dealership collects and for using the information in accordance with our Privacy Policies.
- Not be permitted to post passwords near their computers or share passwords with any other person.
- Refer telephone calls or other requests for customer information to the Program Coordinator or appropriate manager when such requests are not received within the ordinary course of the Dealership's business or are for information that the employee is not authorized to provide.
- Disclose to service providers, marketers or any other parties only that customer information which is necessary to complete a transaction initiated by the customer and/or as permitted by law. If an employee is unsure as to whether a specific disclosure is permitted, he or she will be instructed to check with the Program Coordinator or appropriate manager to verify that it is acceptable to release the information before doing so.
- Be required to notify the Program Coordinator or appropriate manager immediately of any attempts by unauthorized persons to obtain access to customer information and/or if any password or customer information is subject to unauthorized access.

Any employee that fails to abide by our Statement of Privacy Policies and Information Security Standards, whether such failure is intentional or unintentional, will be subject to appropriate disciplinary action, which may include termination of employment.

When an employee ceases to be employed by the Dealership, he/she will be required to turn in any keys in his/her possession that provide access to the Dealership and file cabinets, desks, and offices in the Dealership; passwords and security codes, if applicable, will be deleted; and employees will not be permitted to take any customer information from the Dealership.

Obtaining Customer Information and Verifying Customer Identities
The following procedures will be implemented with respect to obtaining customer information and verifying customer identities:
- Forms utilized by the Dealership request customer information, such as names, addresses, telephone numbers, birth dates, social security numbers, tax identification numbers, and driver's license and insurance information, to enable the Dealership to verify the identification of its customers. In addition, customers must sign documentation, including sworn statements in some cases, wherein the customer represents and warrants that he/she is the person identified in the documentation.
- Employees will request to see the customer's driver's license or other form of government-issued identification bearing a photograph to verify the customer's identity and will make a copy of the same to retain in the customer's file.
- If a customer requests financing in connection with a transaction, the customer will be required to provide employment information and references and must authorize the Dealership to obtain a credit report, all of which may be utilized to verify the identity of the customer. Employees may also request copies of the customer's utility bills, bank or credit card statements and paycheck stubs.
- In the event that customer information provided in documentation is conflicting or cannot be verified upon further inquiry, employees shall request additional government-issued documentation evidencing the customer's residence and bearing a photograph or other safeguard (i.e. a social security card, alien identification card, or passport) to enable employees to form a reasonable belief that they know a customer's true identity.
- When appropriate, employees shall write a summary of the means and results of any measures taken to identify a customer, including the resolution of any discrepancy in the identifying information obtained. Employees will be instructed to notify the Program Coordinator if customer information still cannot be verified.
- The Dealership has access to updated versions of the alphabetical master list of Specially Designated Nationals and Blocked Persons maintained by the Office of Foreign Asset Control (OFAC), which will be checked to ensure that potential customers do not appear on the same.
- Paper and electronic records containing customer information and relevant to the Dealership's identity verification process will be retained by the Dealership in accordance with federal and state record retention requirements. Upon the expiration of the appropriate retention period, any such records will be disposed of in a secure manner in accordance with the Dealership's information security standards.

Information Systems
The following information security standards will be implemented in order to protect customer information collected and maintained by our Dealership:
- Employees will have access only to that customer information which is necessary to complete their designated responsibilities. Employees shall not access or provide any other unauthorized person access to customer information that is obtained during the course of employment. Requests for customer information that are outside the scope of the Dealership's ordinary business or the scope of an employee's authorization must be directed to the Program Coordinator or designated individuals.
- Access to electronic customer information will be password controlled. Every employee with access to the Dealership's computer system and electronic records will have a unique password consisting of at least ______ characters, including numbers and letters. Only employees that need to access electronic records will be provided with passwords.
- All paper and electronic records will be stored in secure locations to which only authorized employees will have access. Any paper records containing customer information must be stored in a deal jacket or folder. Paper records must be stored in an office, desk, or file cabinet that is locked when unattended. Electronic records will be stored on a secure server that is located in a locked room and is accessible only with a password. Where appropriate, records will be maintained in a fireproof file cabinet and/or at an offsite location. Customers, vendors and service providers shall not be left in an area with insecure customer records.
- Backups of the computers and/or server will be made at least once each day, or at more frequent intervals as deemed necessary. At least once each month the backup information will be verified. Backup disks will be stored in a locked file cabinet.
- Virus protection software has been installed on the computers and new virus updates will be checked at regular intervals. All computer files will be scanned at least once each month, or at more frequent intervals as deemed necessary. Firewalls and security patches from software vendors will be downloaded on a regular basis.
- All data will be erased from computers, disks, hard drives or any other electronic media that contain customer information before disposing of them and, where appropriate, hard drives will be removed and destroyed. Any paper records will be shredded and stored in a secure area until an authorized disposal/recycling service picks it up.
- Employees will be instructed to log off of all Internet, and other accounts when they are not being used. Employees will not be permitted to download any software or applications to Dealership computers or open attachments from unknown sources. Electronic records may not be downloaded to a disk or individual computer without explicit authorization from the Program Coordinator.
- Electronic records will not be stored online and are not accessible from the Internet.
- If customer information is transmitted electronically over external networks, employees will be instructed to encrypt the information at the time of transmittal.
- Neither current nor former employees will be permitted to remove any customer information from the Dealership, whether contained in paper records or electronic records, or to disclose our information security standards to any person without authorization from the Program Coordinator.

Selection and Oversight of Service Providers
In order to protect the customer information our Dealership collects, we will take steps to evaluate and oversee our service providers. The following evaluation criteria will be utilized in selecting service providers:
- Compatibility and willingness to comply with the Dealership's privacy policies and information security standards and the adequacy of the service provider's own privacy policies and information security standards.
- Records to be maintained by the service provider and whether the Dealership will have access to information maintained by the service provider.
- The service provider's knowledge of regulations that are relevant to the services being provided, including privacy and other consumer protection regulations.
- Experience and ability to provide the necessary services and supporting technology for current and anticipated needs.
- Functionality of any service or system proposed and policies concerning maintaining secure systems, intrusion detection and reporting systems, customer authentication, verification, and authorization, and ability to respond to service disruptions.
- Service and support that will be provided in terms of maintenance, security, and other service levels.
- Financial stability of the service provider and reputation with industry groups, trade associations and other dealerships.
- Contractual obligations and requirements, such as the term of the contract; prices; software support and maintenance; training of employees; customer service; rights to modify existing services performed under the contract; warranty, confidentiality, indemnification, limitation of liability and exit clauses; guidelines for adding new or different services and for contract re-negotiation; compliance with applicable regulatory requirements; records to be maintained by the service provider; notification of material changes to services, systems, controls and new service locations; insurance coverage to be maintained by the service provider; and use of the Dealership's data, equipment, and system and application software.
- The right of the Dealership to audit the service provider's records, to obtain documentation regarding the resolution of disclosed deficiencies, and to inspect the service provider's facilities.

Service Providers will be required to agree contractually to be responsible for securing and maintaining the confidentiality of customer information, including agreement to refrain from using or disclosing the Dealership's information, except as necessary to or consistent with providing the contracted services, to protect against unauthorized use or disclosure of customer and Dealership information, to comply with applicable privacy regulations, and to fully disclose breaches in security resulting in unauthorized access to information that may materially affect the Dealership or its customers and to notify the Dealership of the service provider's corrective action.

Service providers will be subject to ongoing assessment to evaluate their consistency with selection criteria, performance and financial conditions, and contract compliance.

Managing System Failures
The Program Coordinator will implement audit and oversight procedures as he/she deems necessary to detect the improper disclosure or theft of customer information and to ensure that employees, independent contractors and service providers are complying with our Dealership's Privacy Policies and Information Security Standards.

If the Dealership's Privacy Policies and Information Security Standards are breached, the Program Coordinator will inform ______, the ______ of the Dealership. The Program Coordinator and ______ will take appropriate steps to notify counsel, service providers and customers of any breach, damage or loss of information and the risks associated with the same and will immediately take measures to limit the effect of the breach, identify the reason for the breach and implement procedures to prevent further breaches.

In the event of a breach, or at any other time as the Program Coordinator deems appropriate, the Program Coordinator may modify or supplement our Dealership's Privacy Policies and Information Security Standards.

EMPLOYEE AGREEMENT TO COMPLY WITH PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS

Effective July 1, 2001, the Financial Services Modernization Act of 1999, more commonly known as the Gramm-Leach-Bliley Act, requires financial institutions that collect nonpublic personal information about customers who obtain a financial product or service to: (1) Implement privacy policies and procedures to protect the information they collect; and (2) Provide their customers with certain notices, including an Initial Privacy Policy Notice and, if applicable, an Annual Notice.

In addition, as of May 23, 2003, any financial institution that collects personal information from their customers must comply with the Federal Trade Commission's Safeguards Rule, which requires financial institutions to develop a written information security plan that describes their program to protect customer information.

In certain circumstances, our Dealership is deemed to be a financial institution for purposes of the Gramm-Leach-Bliley Act and the Federal Trade Commission's Implementing Rules. As a condition of your employment with our Dealership, you agree to:
1. Read the Statement of Privacy Policies and Information Security Standards and familiarize yourself with the information contained therein.
2. Follow our procedures for providing a copy of our Privacy Policy to each customer.
3. Follow our procedures for safeguarding and protecting customer information in accordance with our Statement of Privacy Policies and Information Security Standards.

BY SIGNING BELOW, I ACKNOWLEDGE THAT I HAVE RECEIVED AND READ THE STATEMENT OF PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS AND AGREE TO COMPLY WITH THE PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS AS SET FORTH THEREIN AS A CONDITION OF MY EMPLOYMENT. I FURTHER UNDERSTAND THAT THE FAILURE TO FOLLOW THE DEALERSHIP'S PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS MAY RESULT IN DISCIPLINARY ACTION, INCLUDING THE TERMINATION OF MY EMPLOYMENT.

EMPLOYEE: ______ DATE: ______
WITNESS: ______ DATE: ______
STATEMENT OF PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS

Effective July 1, 2001, the Financial Services Modernization Act of 1999, more commonly known as the Gramm-Leach-Bliley Act, requires financial institutions that collect nonpublic personal information about customers who obtain a financial product or service to: (1) Implement privacy policies and procedures to protect the information they collect; and (2) Provide the customers with certain notices, including an Initial Privacy Policy Notice and, if applicable, an Annual Notice. In addition, as of May 23, 2003, any financial institution that collects personal information from their customers must comply with the Federal Trade Commission's Safeguards Rule, which requires financial institutions to develop a written information security plan that describes their program to protect customer information. In certain circumstances, our Dealership is deemed to be a financial institution for purposes of the Gramm-Leach-Bliley Act and the Federal Trade Commission's Implementing Rules.

The purpose of this Statement is to advise you of your responsibilities as an Employee of our Company. As a condition of your employment with our Dealership, you agree to:
1. Read this Statement of Privacy Policies and Information Security Standards and familiarize yourself with the information contained herein.
2. Follow our procedures for providing a copy of our Privacy Policy to each customer.
3. Follow our procedures for safeguarding and protecting customer information in accordance with our Information Security Standards.

OUR PRIVACY POLICY

Employees are responsible for providing a copy of our Privacy Policy to each customer:
1. That enters into an agreement or understanding for assistance to obtain a loan or financing, regardless of whether or not financing is ever obtained, as follows:
a. In person when the customer completes a Credit Application;
b. By mail within day(s) of receipt of the information to complete a Credit Application via the telephone;
2. When information is collected in order to assist the customer to obtain payoff information on a trade-in vehicle; and
3. That purchases other products or services (i.e. service contracts, guaranteed automobile protection (GAP) agreements or insurance) prior to completion of the sale or lease transaction.

OUR INFORMATION SECURITY STANDARDS

Our Program Coordinator

We have appointed as the Program Coordinator of our Dealership's Information Security Program. It is the Program Coordinator's responsibility to design, implement and maintain privacy policies and information safeguard standards as he/she determines to be necessary from time to time. The Program Coordinator will report directly to, the of the Dealership. In the event the Program Coordinator ceases to be employed by the Dealership or is unable to perform his/her responsibilities, shall take over the responsibilities of the Program Coordinator until a new permanent Program Coordinator is appointed.
Based upon the Program Coordinator's risk assessment of our Dealership's operations, including employee management and training and our information systems (i.e. information collection, processing, storage, transmission and disposal, and potential system failures), the following privacy policies and information security standards have been adopted for all of our employees and any independent contractors. Individual employees may be given additional responsibilities as well. Compliance with our Dealership's privacy policies and information security standards is a condition of your employment with us.

Employee Interviewing, Hiring and Training

All current and new employees, as well as independent contractors who perform services on behalf of the Dealership, will:
1. Be subject to satisfactory reference and consumer/criminal report investigations.
2. Participate in the Dealership's privacy policies and information security standards training program and attend educational and training seminars on a regular basis.
3. Sign and acknowledge his/her agreement to our Dealership's Statement of Privacy Policies and Information Security Standards.
4. Be responsible for protecting the confidentiality and security of the customer information our Dealership collects and for using the information in accordance with our Privacy Policies.

Obtaining Customer Information and Verifying Customer Identities

The following procedures have been implemented with respect to obtaining customer information and verifying customer identities:
1. Forms utilized by the Dealership request customer information, such as names, addresses, telephone numbers, birth dates, social security numbers, tax identification numbers, and driver's license and insurance information, to enable the Dealership to verify the identification of its customers.
2. Employees must request to see the customer's driver's license or other form of government-issued identification bearing a photograph to verify the customer's identity and will make a copy of the same to retain in the customer's file. If a customer requests financing in connection with a transaction, the customer must complete a credit application, provide employment information and references, and authorize the Dealership to obtain a credit report. Employees may also request copies of the customer's utility bills, bank or credit card statements and paycheck stubs.
3. In the event that customer information provided in documentation is conflicting or cannot be verified upon further inquiry, employees shall request additional government-issued documentation evidencing the customer's residence and bearing a photograph or other safeguard (i.e. a social security card, alien identification card, or passport) to enable employees to form a reasonable belief that they know a customer's true identity. If customer information still cannot be verified, employees shall notify the Program Coordinator for further instructions.
4. The Dealership has access to updated versions of the alphabetical master list of Specially Designated Nationals and Blocked Persons maintained by the Office of Foreign Assets Control (OFAC), which should be checked to ensure that potential customers do not appear on the same.

Protecting the Confidentiality and Security of Customer Information
Each employee is responsible for protecting the confidentiality and security of the customer information our Dealership collects and for using the information in accordance with our Privacy Policy. The following security procedures must be followed in order to protect our customer information:
1. Employees shall have access only to that customer information which is necessary to complete their designated responsibilities. Employees shall not access or provide any other unauthorized person access to customer information that is obtained during the course of employment. Employees must refer requests for customer information to the Program Coordinator or appropriate manager when such requests are not received within the ordinary course of the Dealership's business or are for information that the employee is not authorized to provide.
2. All paper and electronic records must be stored in secure locations to which only authorized employees have access. Any paper records containing customer information must be stored in a deal jacket or folder. Paper records must be stored in an office, desk, or file cabinet that is locked when unattended. Electronic records will be stored on a secure server that is located in a locked room and is accessible only with a password. Where appropriate, records will be maintained in a fireproof file cabinet and/or at an offsite location. Customers, vendors and service providers shall not be left in an area with insecure customer records.
3. Access to electronic customer information will be password controlled. Every employee with access to the Dealership's computer system and electronic records will have a unique password consisting of at least characters, including numbers and letters. Only employees that need to access electronic records will be provided with passwords. Passwords may not be posted near computers or shared with any other person.
4. Employees that have access to the computer system and electronic records may not download any software or applications to our Dealership computers or open attachments from unknown sources. Employees must log off of any Internet, or other account when it is not in use.
5. Electronic records may not be downloaded to a disk or individual computer without explicit authorization from the Program Coordinator. If customer information is transmitted electronically over external networks, employees must encrypt the information at the time of transmittal.
6. All data must be erased from computers, disks, hard drives or any other electronic media that contain customer information before disposing of them and, where appropriate, hard drives will be removed and destroyed. Any paper records must be shredded and stored in a designated secure area until an authorized disposal/recycling service picks them up.
7. Employees may not remove any customer information, whether contained on paper records or electronic records, from the Dealership or disclose our security standards to any person who is not employed by us without authorization from the Program Coordinator.
8. Only that information which is necessary to complete a transaction initiated by the customer, is specifically authorized to be disclosed by the customer and/or is permitted to be disclosed by law shall be provided to service providers, marketers or any other parties. If you are unsure as to whether a specific disclosure is permitted, it is your responsibility to check with the Program Coordinator or your manager to verify that it is acceptable to release the information before doing so.
9. Neither current nor former employees will be permitted to remove any customer information from the Dealership, whether contained in paper records or electronic records, or to disclose our information security standards to any person without authorization from the Program Coordinator.
10. The Program Coordinator or appropriate manager should be notified immediately of any attempts by unauthorized persons to obtain access to customer information and/or if any password or customer information is subject to unauthorized access.
11. When an employee ceases to be employed by the Dealership, he/she must turn in any keys that provide access to the Dealership and file cabinets, desks, and offices in the Dealership; passwords and security codes, if applicable, will be deleted.

Disciplinary Action

Any employee that fails to abide by our Statement of Privacy Policies and Security Standards, whether such failure is intentional or unintentional, will be subject to appropriate disciplinary action, which may include termination of employment.
ADDENDUM

This Addendum modifies the ("Agreement") entered into between ("Dealer"), and ("Company"). By executing this Addendum, Dealer and Company acknowledge and agree that this Addendum is incorporated into and made a part of the Agreement, the terms and provisions of which, except as expressly modified in this Addendum, are hereby affirmed and ratified by Dealer and Company and remain in full force and effect.

It is agreed between the parties to the Agreement and this Addendum that, notwithstanding anything to the contrary contained in the Agreement or in any other documents pertaining to the Agreement, Dealer and Company shall comply with all privacy and data protection laws, rules and regulations applicable now and in the future. Without limiting the generality of the preceding sentence, Dealer and Company agree that they will implement and maintain appropriate safeguards to protect customer information and that they will not use or disclose nonpublic customer information that they receive pursuant to the terms of this Agreement to any other party, except as is reasonably necessary to fulfill the purposes for which such information was provided and as otherwise permitted by applicable law.

For purposes of this Addendum, the terms "nonpublic personal information" and "financial institution" shall have the meanings set forth in Section 509 of the Gramm-Leach-Bliley Act (P.L ) (15 U.S.C. Section 6809) and implementing regulations thereof. The provisions contained in this Addendum shall survive the termination or expiration of the Agreement, by the expiration of time, by operation of law, or otherwise.

IN WITNESS HEREOF, and intending to be bound by the terms and conditions hereof, each of the parties has caused this Addendum to be executed by its duly authorized representative as of the respective dates set forth below.

Dealer:
By:
Its:
Date:

Company:
By:
Its:
Date:
More informationFrequently Asked Questions About I-9 Compliance
Frequently Asked Questins Abut I-9 Cmpliance What is required t verify wrk authrizatin? The basic requirement t verify wrk authrizatin is the Frm I-9. This frm is available n the HR website: http://www.fit.edu/hr/dcuments/frms/i-9.pdf
More informationTITLE: RECORDS AND INFORMATION MANAGEMENT POLICY
TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act
More informationFrequently Asked Questions about the Faith A. Fields Nursing Scholarship Loan
ARKANSAS STATE BOARD OF NURSING 1123 S. University Avenue, Suite 800, University Twer Building, Little Rck, AR 72204 Phne: (501) 686-2700 Fax: (501) 686-2714 www.arsbn.rg Frequently Asked Questins abut
More informationA96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015
A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY
More informationCLEARANCE REVIEWS FOR STUDENT RESTRICTION ISSUES OTHER THAN ACADEMIC PROGRESS
CLEARANCE REVIEWS FOR STUDENT RESTRICTION ISSUES OTHER THAN ACADEMIC PROGRESS Only the Ministry f Training, Clleges & Universities can cnsider clearance reviews fr mst ther student restrictin issues. These
More informationREQUEST FOR PROPOSAL SECURITY SERVICES
REQUEST FOR PROPOSAL SECURITY SERVICES Sectin I INTRODUCTION [Cmpany] is seeking prpsals frm qualified Cntractrs t prvide unifrmed security service fr [Cmpany] facilities at [Lcatin(s)]. This dcument is
More informationA. Early Case Assessment
Electrnic Discvery Reference Mdel Standards fr the identificatin f electrnically stred infrmatin in discvery http://www.edrm.net/resurces/standards/identificatin A. Early Case Assessment Once a triggering
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationPrivacy Plicy Welcme, Sensati & JHI
Privacy Plicy Welcme t www.framesdata.cm! This site (the Frames Data Online Site ) is wned by Frames Data Inc. ("FDI" r we ), a subsidiary f Jbsn Medical Infrmatin LLC ("JMI") and its parent, Jbsn Healthcare
More informationPreventing Identity Theft
Preventing Identity Theft Each year, millins f Americans have their identity stlen. ENG Lending wants yu t have the infrmatin yu need t prtect yurself against identity theft. While there are n guarantees
More informationFinancial Accountability Handbook
Financial Accuntability Handbk >> Vlume 5 Reprting Systems Infrmatin Sheet 5.2 Preparatin f Financial Statements Intrductin The Financial Accuntability Act 2009 (the Act) and the Financial and Perfrmance
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationKey Steps to Responding to Privacy Breaches. Nova Scotia Freedom of Information and Protection of Privacy Review Office
Key Steps t Respnding t Privacy Breaches Nva Sctia Freedm f Infrmatin and Prtectin f Privacy Review Office ~ 1 ~ ~ 1 ~ 1 ~ Key Steps t Respnding t Privacy Breaches 1 Key Key Steps Steps t t Respnding
More informationES PROCEDURES FOR OVERPAYMENT RECOVERY
ES PROCEDURES FOR OVERPAYMENT RECOVERY Effective: 7/1/2012 Respnsible Office: Emplyee Services (ES) Apprved: ES Directr Applicatin: All Emplyees f the University f Clrad Plicy The University f Clrad will
More informationRemote Working (Policy & Procedure)
Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationGeneral Records Authority 33. Accredited Training
General Recrds Authrity 33 2012/00579704 Accredited Training February 2013 This is an accurate reprductin f the authrised recrds authrity cntent, created fr accessibility purpses CONTENTS INTRODUCTION
More informationNew York Institute of Technology Faculty and Staff Email Retention Policy
New Yrk Institute f Technlgy Faculty and Staff Email Retentin Plicy Nvember 2013 I. PURPOSE As electrnic mail (email) has becme the primary frm f cmmunicatin at NYIT and thrughut the wrld, the vlume f
More informationERISA Compliance FAQs: Fiduciary Responsibilities
Brught t yu by Mrris & Reynlds Insurance ERISA Cmpliance FAQs: Fiduciary Respnsibilities The Emplyee Retirement Incme Security Act f 1974 (ERISA) is a federal law that sets minimum standards fr emplyee
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 8 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk The Bard f Educatin recgnizes as new technlgies shift the manner in which infrmatin is
More informationPRIVACY POLICY Last revised: April 2015
PRIVACY POLICY Last revised: April 2015 ACD, LLC, and its affiliates (cllectively, we, us, ur ) understand that privacy is imprtant t ur cnsumers and want yu t make knwledgeable decisins abut the infrmatin
More information