Personal Identity Information (PII)
Purpose of this Policy
Access Profiles, Inc. (API) recognizes the need to maintain the confidentiality of Personal Identity Information (PII) and understands that such information is unique to each individual. The PII covered by this policy may come from various types of individuals performing tasks on behalf of the company and includes employees, applicants, independent contractors and any PII maintained on its customer base. The scope of this policy is intended to be comprehensive and will include company requirements for the security and protection of such information throughout the company.
Key Elements of the Policy
Personal Identity Information (PII): Unique personal identification numbers or data, including:
- Social Security Numbers (or their equivalent issued by governmental entities outside the United States).
- Taxpayer Identification Numbers (or their equivalent issued by governmental revenue entities outside the United States).
- Employer Identification Numbers (or their equivalent issued by government entities outside the United States).
- State or foreign drivers license numbers.
- Date(s) of birth.
- Corporate or individually held credit or debit transaction card numbers (including PIN or access numbers) maintained in organizational or approved vendor records.
- Full names (in conjunction with other PII)
- Current and Past Addresses
- Telephone Number
- Email Address (if private)
- Vehicle Registration Plate Number
- PII may reside in hard copy or electronic records; both forms of PII fall within the scope of this policy.
PII Retention: API understands the importance of minimizing the amount of PII data it maintains and retains such PII only as long as necessary.
PII Training: All new hires entering the company who may have access to PII are provided with introductory training regarding the provisions of this policy and are provided with a copy of this policy. Employees in positions with regular ongoing access to PII, or those transferred into such positions, are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive training regarding the security and protection of PII data and company proprietary data. Training to be updated in accordance with changing laws and regulations.
Data Access: API maintains automated systems where PII data may reside; thus, user access to such systems is the responsibility of the company. Any termination of an employee or independent contractor with access will immediately result in the termination of the user’s access to all systems where the PII may reside.
Data Transmission and Transportation:
Portable Storage Devices: API reserves the right to restrict PII data it maintains in the workplace. In the course of doing business, PII data may also be downloaded to laptops or other computing storage devices to facilitate company business.
To protect such data, the company will also require that any such devices use security protection software while such devices are in use on or off company premises.
Off-Site Access to PII: API understands that employees may need to access PII while off site or on business travel, and access to such data shall not be prohibited, subject to the provision that the data to be accessed is minimized to the degree possible to meet business needs and that such data shall reside only on assigned laptops/approved storage devices.
Regulatory Requirements: It is the policy of the company to comply with any international, federal or state statute and reporting regulations.
Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know.
Violations of PII Policies and Procedures: API views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in the company’s PII onboarding and refresher training to reinforce the company’s continuing commitment to ensuring that this data is protected by the highest standards.
All questions and concerns regarding this privacy statement should be directed to us at:
Access Profiles, Inc.
113 Scott Ave.
Glenshaw, PA 15116