The URL can be used to link to this page

Home My WebLink AboutPolicies - New Hope DV/SA0; ;new. .1cagizinvings.. beff. r to.-Morro-Wo'.5. Policy and Procedure Approval Letter October 89 2019 To: New Hope Employees and Volunteers Re: Policies and Procedures The following policy has been added to the N ' ew Hope Policy and Procedure Manual. R7 -Data Breach of Personally Identifying Information This policy has been reviewed and approved, as signified by signatures below. Tom Taylo4,Chair Cindy CAter,k-'Wce Chair Richard Stevens, Member - 16/-1/mac Date POLICIES AND PROCEDURES ,$ Title: Data Breach of Personally Policy Date: 9/2019 -� Identifying Information PolicX Flaw f%:jl{riMY�+4. r'7td• '::Ckd><Yd:t. POLICY #R7 Polic It is the policy of New Hope to prioritize the protection of personally identifying client information. Clients may face significant safety and privacy risks if their personal information were shared without their consent. It is our policy to ensure due diligence in the protection of client information as well as have a prompt and careful response in the event of any data breach of personally identifying information. Our policies will follow the requirements set forth by our federal filnders, state fiinders and RCWs 19.255.010— .02 0, 42.5 6.010 and 42.5 6.5 9 0. Procedures: The following procedures are intended to mitigate the amount of personally identifying information that could be at risk as well as detail the response of New Hope in the event that a data breach of personally identifying information were to occur. 1. The best practice for data collection is to collect as little information as possible, and to keep it for the minimum amount of time necessary, -while taking into consideration documentation requirements of fiinders. (See Policy #R6 Records Retention and Destruction Policy) 2, The Director or designee shall review all data security practices with relevant administrative staff in order to ensure practices are current and secure twice per year. 3. Annually, the Director or designee will: • Review all current data collection and retention practices to ensure that New Hope does not collect information that is unnecessary. • Ensure that retention policies are being followed and data properly destroyed that is no longer required to be kept. Consult with GCTS professionals to ensure that New Hope's data security measures are up-to-date and that the proper mechanisms are in place to protect the information that is collected. In the event of a data breach of personally identifying/confidential client information: 1. The Director or designee will snake every reasonable effort to contact all individuals whose information may have been compromised. In making contact, care must be taken to: • Provide direct written notification to every person affected by a data breach, either by mail or email that carefully considers how to minimize the risks of accidental or intentional interception. Policy RT Data Breach of Personally Identifying Information 1 POLICIES AND PROCEDURES ® Consider how notifications may impact survivors and be prepared to respond by offering advocacy related services, emotional support, and/or referrals as they deal with the fallout of accidental or unauthorized disclosure. 2. within 24 hours of an actual occurrence of a breach or the detection of an imminent breach of personally identifying the\ Director or designee will inform pertinent OCVA or DSHS Program Managers via email and/or voicemail. Policy RT Data Breach of Personally Identifying Information 2