Table of Contents Table of Contents
Previous Page  102 / 105 Next Page
Information
Show Menu
Previous Page 102 / 105 Next Page
Page Background

Confidential — for Internal Use Only

Associate Handbook August 2016 |

102

–– Social Security Numbers (SSN) cannot be used in any correspondence or emails sent externally; instead

use the reference code or the last 4 digits of the SSN.

–– Any reports that contain the SSN must be physically secured and shredded or placed in shred bins

when discarded.

–– Never copy documents or data which include SSNs or other non-public information for use to

unencrypted flash drives, external hard drives, personal home computers, CDs or other remote media

unless absolutely required to meet a critical business need. In that case, follow ICMA‑RC’s USB flash

drive and CD writer copy encryption policy.

–– Never use a personal email account or personal BlackBerry for any ICMA‑RC business emails, business

text messaging or business-related communications. Never forward an ICMA‑RC email containing

client or employer information to a personal email account.

Breaches of Personal Information

To comply with all state laws regarding protection of personal information, associates must report to the

Manager of Information Security any disclosures of any of the following information to an unauthorized person:

Personal information, defined as an individual’s first name or first initial and last name in combination with

one or more of the following data elements:

1

Social Security Number (SSN)

2

Account number, credit card number, debit card number, reference code, PIN or other numbers that can

be used to access the individual’s accounts

3

Driver’s license, state identification or tribal identification number or card

4

Passport or other federally issued identification number or card

5

Taxpayer identification number

6

Medical information or health insurance information

7

Unique biometric data, such as a fingerprint, or other unique physical representation or digital representa-

tion of biometric data

8

Digital or electronic signature

9

Birth date

10

Mother’s maiden name

or

any of data elements 1 through 3 above without a name if the information compromised is sufficient to gain

access to an individual’s financial or credit account, to perform or attempt to perform identity theft, or to

fraudulently assume or attempt to assume the identity of the person whose information is compromised.

For additional information, see the entire ICMA‑RC Corporate Privacy Policy on the intranet at

my.icmarc.org

.