Written Information Security Program (Wisp) For Protection Of Personal Information Template Page 5

3. Employees and Board Members are prohibited from keeping
unsecured files containing Personal Information in their work area
when they are not present, or otherwise failing to take reasonable
measures to protect the security of Personal Information.
4. At the end of the work day, all files and other records containing
Personal Information must be secured in a manner that protects the
security of Personal Information.
5. All employees and Board Members are required to comply with the
provisions of the WISP, and if the security provisions of the WISP are
violated by an employee, the Data Security Coordinator or, in the case
of a Board Member, the Corporation’s board of directors shall
implement the following disciplinary procedure:
a. For minor infractions, with the definition of “minor” to be
determined by the Data Security Coordinator or the board of
directors based upon the nature of the violation and the nature
of the Personal Information affected by the violation, the
employee or Board Member shall be disciplined by either a
verbal or a written warning.
b. For major infractions, with the definition of “major” to be
determined by the Data Security Coordinator or board of
directors based upon the nature of the violation and the nature
of the Personal Information affected by the violation, the
employee or Board Member shall be disciplined by suspension
or termination. The definition of “major” may include a
pattern of three or more “minor” violations.
6. Resigned or terminated employees or Board Members must return all
records containing Personal Information, in any form, that may be in
the former employee’s or Board Member’s possession (including all
such information stored on laptops or other portable devices or media,
and in files, records, work papers, etc.).
7. A resigned or terminated employee’s or Board Member’s physical and
electronic access to Personal Information must be immediately
blocked. Such resigned or terminated employee or Board Member
shall be required to surrender all keys, IDs or access codes or badges,
business cards, and the like, that permit access to the Corporation’s
premises or information. Moreover, such terminated employee’s or
Board Member’s remote access to Personal Information (such as
internet access, e-mail access, voice-mail access) must be disabled.
The Data Security Coordinator shall maintain a highly secured master
list of all lock combinations, passwords and keys.
8. Employees and the members of the Corporation’s board of directors
are encouraged to report any suspicious or unauthorized use of
Personal Information.