Definition of Confidential Information. Confidential Information includes: a. Attorney-client privileged information, b. Employee Records, c. Mailing lists, d. Donor personal information, such as social security number and date of birth, e. Donor financial information and analysis, including credit card information, f. Pedigree and financial information about other individuals, g. Medical information, particularly medical information covered by HIPAA, and h. Organization financial records, unless in the public domain by law.
Confidential Information Not for External Distribution. The Organization does not sell or share confidential information to any third parties to use for their own purposes. The Organization may provide confidential information to certain third parties, such as printers, data management vendors, and data analysis companies, as reasonably required by the needs of the Organization.
Internal Distribution. Confidential information is distributed internally only on a “need to know” basis.
Possible Breaches. Breaches of privacy may occur in the following situations, among others: a. Through discussions with employees of other Organizations, b. By mixing up letters and envelopes, c. By leaving papers exposed on office desks, d. By providing information to impostors, e. By having one electronic device lost or stolen, f. By discussing confidential information with one’s family and friends, and/or g. By discussing confidential information in a loud voice when others can hear. Everyone involved in the Organization should be cautious and so avoid breaches.
Correcting Errors. The Organization will promptly any correct errors which come to its attention.
Reporting Breaches. An employee aware of a breach must report it to the Litigation Director.
Notification to Persons Whose Information has been Breached. In the event of a breach the Organization will notify each person whose information has been improperly released.
Procedures for Protection. The Organization will maintain reasonable protective procedures such as locks, computer passcodes and firewalls, and disposal of paper documents by shredding.
Post Employment Duty. The duty to maintain confidentiality shall continue after termination.
Cooperation with Government. The Organization will cooperate with courts, regulatory agencies, and law enforcement Organizations, subject to the right of court challenge.
