SWB Confidentiality and Data Security
This policy outlines the behaviors expected of all Statistics Without Borders (SWB) volunteers who handle data and provides guidelines for the proper storage and transfer of data.
The primary objectives of this data security policy are to:
- Protect the privacy of individuals
- Protect the integrity and confidentiality of the data
- Prevent inappropriate disclosure of the data
Data confidentiality, privacy and security are priorities for SWB to ensure the protection of its customers. The protection of data is a critical business requirement, yet flexibility to access data and work effectively is also critical.
This policy is not expected to deal effectively with the malicious theft scenario or to reliably protect all data. Its primary objective is to promote user awareness and to avoid accidental loss or disclosure scenarios.
Data Definition and Use
The data received by SWB will be used solely for the purpose of fulfilling the requirements of the intended project and will not be used for other purposes, without prior permission from the client organization.
Data, for the purpose of this policy, includes all information that is communicated between the client and SWB project participants. This includes documents, written and verbal communications and other types of information that are shared or created during the course of the project.
Data received by SWB in any form as part of client communication or during the project will be used solely for the purpose of fulfilling the requirements of the intended project and will not be used for other purposes, without prior permission from the client organization.
While this policy covers all types of data, of particular concern for the purpose of confidentiality, security and privacy is sensitive information pertaining to both physical persons and organizations, which includes invention description(s), technical and business information relating to proprietary ideas and inventions, ideas, patentable ideas, trade secrets, drawings and/or illustrations, patent searches, existing and/or contemplated products and services, research and development, production, costs, profit and margin information, finances and financial projections, customers, clients, marketing, and current or future business plans and models, regardless of whether such information is designated as sensitive at the time of its disclosure.
All information covered by this policy is to be classified into one of three categories, according to the level of security required. In descending order of sensitivity, these categories are "Confidential," "Internal Use Only," and "Public."
- Confidential: includes sensitive personal information (SPI) or personally identifiable information (PII) and must be given the highest level of protection against unauthorized access, modification or destruction. SPI/PII is information that can be used to identify or locate a specific individual. Examples of confidential information include, but are not limited to, information protected under privacy laws, names, date or place of birth, address, national ID, medical/health information, account number of any type, IDs, handles, and URLs, among others, as well as any content that can be used to determine the identity of the individuals through triangulation and deduction.
- Internal Use Only: is less sensitive than confidential information, but if exposed to unauthorized parties could contribute to identity theft, financial fraud and/or violate State and/or Federal laws, or is restricted by the client.
- Public: is generally available to the public, or if it were to become available to the public, would have no material adverse effect on individual members of SWB, the client organization and/or any related parties.
It is the responsibility of the SWB Business Consultant and the client to identify which of these categories applies to each item of data that will be used during the project, and to agree on protocols to protect the confidential and internal use categories.
It is the responsibility of SWB volunteers working with client data to ensure that data identified as confidential or internal use only not be made available outside the project team. Access to the confidential and internal use only data, whether raw or in a format specific to an application or software tool (i.e., application-native), will normally be limited to the SWB volunteers processing and/or analyzing the data.
Storage and Retention
Copies/duplication of data will be kept to the minimum necessary to complete the project.
All confidential data or data for internal use only will be removed from equipment/environment within 120 days of sign-off for project completion or sooner if requested by the client. All data not publicly available will be encrypted according to industry best practices and destroyed at the end of the maximum retention period.
Any transfer of data (email attachments, email body, FTP, removable media, etc.) containing confidential or internal use only information will be encrypted, transmitted using secure file transfer protocols, and/or transferred via a secure file sharing service.
The encrypted data file and the password/key for decrypting it will not be transmitted via the same channel.
- Minimum encryption level for data with sensitive information is PGP, AES-128, or equivalent or stronger. The encrypted data file may be keyed or self-extracting (password).
- All back-ups and other copies due to current operational process must adhere to the same standards above.
- Any unauthorized use or disclosure of sensitive data will be reported to the organization within 72 hours of discovery by SWB.
Last Updated on 23 May 2018
This statement discloses policies and procedures concerning information gathering and dissemination practices for Statistics Without Borders (SWB). Each time you use our site, the current version of the Privacy Statement will apply. This Privacy Statement is applicable to all site visitors, registered users, and all other users of our site.
"Personal Data" is any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
By visiting this website, you acknowledge that you have read and understood the processes and policies referred to in this Privacy Statement.
If you have any questions or concerns about this Privacy Statement, please contact us using the Contact Us section on our site. Alternatively, you can contact us by sending an email to firstname.lastname@example.org.
Users of this website may differ in their access or needs. We recommend you read this policy in its entirety to understand your and our responsibilities. We use your IP address to help diagnose problems with our server and administer our website.
We collect members’ contact information (e.g., name and email address) and statistical background information (e.g., areas of study and interest). Contact information is only used to send information about our organization and calls for volunteers. This contact information is also used to get in touch with members when necessary. Members’ contact information is never shared with other organizations or individuals without members' permission.
We may share your Personal Data for the purposes described in this Privacy Statement with:
- SWB Executive Committee and other project team members
- Client organization for projects
- Analytics and search engine providers that assist us in the improvement and optimization of our site
- American Statistical Association (parent organization of SWB)
Our site is not directed to minors. If you are a minor under the laws of our country, do not use our site. Please have your parents contact us on your behalf. We do not knowingly collect Personal Data from minors. If we learn that Personal Data of minors has been collected through our site, we will take the appropriate steps to delete this information.
Members can change their address and related information at the SWB membership site by visiting their profile.
The SWB website has security measures in place to protect against the loss, misuse, and alteration of the information under our control. Members’ personal information is behind a firewall, modifiable by each member only by password access through secure forms pages. Member Directory information is not accessible by search engines that target HTML pages.
What is a cookie?
What do cookies do?
- Strictly necessary cookies: These cookies are required for the operation of our website, including cookies that enable you to log in to secure areas or update membership information.
- Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us improve the way our website works, for example, by ensuring you are finding what you are looking for easily.
- Functionality cookies: These cookies are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (e.g., your mailing and notification preferences).
Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device. There are many ways to manage cookies. Help in turning off cookies can be found in your browser or mobile phone help files or at this website. If you disable the cookies we use, you may not be able to access all or parts of our site.
Cookies used on the SWB Website:
- Stores the last opened page in admin view. Used when switching between public and admin view.
- Additional session key
- Also used to display notifications in place of the logo
- Used to display notifications in place of the logo
- Used for CSRF (Cross-site request forgery) attack protection
- Stores the return URL after an unsuccessful attempt to authorize a transaction
- Used to determine if the user is viewing the site in https mode
- Stores the last opened page in public view. Used when switching between admin and public view.
- Stores the return URL after successfully authorizing a transaction
- Stores role of user (contact/member/admin)
- Stores the association ID. Used when authorizing a transaction
- Used to display information about incomplete applications and event registrations, open invoices etc.
- Test cookie used to determine if cookies are enabled in client browser
- Main authorization cookie
- Used for wizards (member application, event registration, etc)
- Also used for wizards (member application, event registration, etc)
Possible Future Privacy Policies
The policies above are in development, pending use of this website for other activities that might affect privacy.