River Valleys takes the security of personal data seriously. It is the responsibility of River Valleys employees, contractors, vendors, volunteers, or anyone with access to data and personally identifiable information to keep it protected.
Standards
- Definition of information to be secured:
- Personally identifiable information accessed or exported from Girl Scout systems.
- Names, email addresses, phone numbers, or any other personally identifiable information.
- Data including but not limited to participation information, demographics, eligibility for financial assistance, volunteer eligibility, and anything River Valleys deems confidential.
- River Valleys reserves the right to define compliant security measures for data and personally identifiable information.
- Definition of compliant security measures will be provided to all parties included in this policy.
- Unauthorized release, sharing, or disclosure of data or personally identifiable information is prohibited.
- Printed and electronic materials that include data or personally identifiable information must be secured by an authorized individual at all times.
- Authorized individual is defined as a person with legitimate reason to access confidential data and/or personally identifiable information on behalf of River Valleys.
- Examples of authorized individuals include but are not limited to staff, individuals appointed to a service unit, troop, or council-sponsored committee volunteer role, program partners, and contracted vendors.
- Individuals appointed to any service unit or troop volunteer role that involves accessing data requiring security must agree to keep data and personally identifiable information secure in accordance with the position description acknowledged upon assuming that role.
- Prior to the end of their term, individuals ending a volunteer role must return (to an authorized individual holding a relevant role) all printed and electronic materials containing data or personally identifiable information no longer relevant to any volunteer role(s) currently held.
- Printed materials that include personally identifiable information are to be stored in a secure location.
- River Valleys must be notified immediately if printed materials or a device(s) containing data or personally identifiable information are lost, stolen, or otherwise compromised.
- Individuals who become aware of data or personally identifiable information being shared with unauthorized individuals should notify River Valleys immediately.
- Failure to comply with this policy and its standards will result in consequences up to and including termination of employment, removal from Girl Scout volunteer roles, and possible legal action under local, state, and federal laws.