The Confidentiality Policy applies to employees, former employees, contractors, consultants, temporary employees, volunteers, board members and all other workers at the Company, including all personnel affiliated with third parties.
As a condition of employment and continued employment with the Company, all employees are expected to conduct themselves in a manner which protects confidential information. All non-employee parties covered under this policy are expected to conduct themselves in a manner which protects confidential information. This policy is not intended to prevent disclosure where disclosure is required by law and any legal requirements will take precedence over the Company policy. Access to confidential or non-confidential information contained on internet/intranet/extranet systems shall be based on the job/role needs as determined by the Executive Director or Chair of the Board of Directors as appropriate. Confidential information shall include, but not be limited to, addresses, phone numbers, account information, passwords, pass codes, state or government issued driver’s license or identification card numbers, government passport numbers, birth dates, social security numbers, personal identification numbers, credit card numbers, bank account numbers, other Financial Transaction Devices (as defined in Colorado Revised Statutes 18-5-701(3)), biometric data (as defined in Colorado Revised Statutes 6-1-716(1)(a)), credit history, wage and salary information, medical data, applicant and personnel information, employer, student or military identification numbers and employee background checks.
Other information that may be deemed confidential includes, but is not limited to, client information (including pet ownership unless authorized by the client and surrendering party), all donor information (unless specifically authorized by the donor), legal impound/holds.
All necessary steps to prevent unauthorized access to this information shall be taken.
1. It is recommended that any information that users consider sensitive or vulnerable should be encrypted.
2. Removing any asset or media that contains confidential information from the Company premises (computers, laptops, hard drives, flash drives, backup tapes/disks, paper records, cloud-based storage) is prohibited without explicit prior approval by the Executive Director.
3. If confidential information is approved for removal from the Company premises, under no circumstances should it be accessible to any individual or individual(s), including, but not limited to, family members, computer service technician, without the explicit prior approval by the Executive Director.