Client Data Security Policy
Purpose: To protect the integrity of client and donor information.
Responsibility: It is the responsibility of each UCS employee and board member to prevent the compromise of personal information and maintain data security.
Policy: UCS will ensure that all computers and laptops are password protected. Servers, firewalls, routers and monitoring devices will be monitored.
Removable drives/devices/laptops shall be kept secure and only UCS data may be stored and/or uploaded/downloaded. Credit card processing equipment shall not print or display personal data except that which is necessary for processing. Any CD’s, thumb drives or computer hard drives which are being disposed of will be physically destroyed and/or magnetized for erasure, before disposal.
Sharing of client/donor data between employees/board members shall only be done as necessary to ensure proper job performance. No confidential client information shall be recorded or shared outside of the UCS work environment.
All paper files which contain personal data shall be kept locked until information is no longer needed, at which time files shall be shredded.
Violation of privacy which compromises personal information by any employee shall result in disciplinary action as authorized by UCS personnel policies.