Definition of Client Sensitive Information
For the purpose of this policy, “client sensitive information” refers to any information about an individual that can be used to identify them, including but not limited to their name, address, telephone number, email address, and financial information.
Access to client sensitive information is restricted to authorized employees, contractors, and agents of Public Alliance, LLC who have a need to know such information in the course of their work. These individuals are bound by strict confidentiality agreements and may be subject to disciplinary action or termination if they fail to comply with this policy.
Client sensitive information may only be collected, used, or disclosed for the following authorized purposes:
- To provide our services to clients
- To communicate with clients
- To comply with legal or regulatory requirements
- To maintain our business records
- For other purposes to which clients have consented
- Collection, Use, and Disclosure of Client Sensitive Information
- Client sensitive information will only be collected, used, or disclosed with the client’s express consent, or as otherwise permitted or required by law.
Maintenance and Access
Client sensitive information will be kept in a secure and confidential manner and will be accessible only to authorized employees, contractors, and agents of Public Alliance, LLC.
Transmission of Client Sensitive Information
Client sensitive information will be transmitted using secure methods, such as encrypted email or secure file transfer protocols.
The company will retain client sensitive information for as long as is necessary to fulfill the authorized purposes for which it was collected, or as required by law.
Questions and Complaints
Access to client sensitive information will be restricted to authorized employees, contractors, and agents of Public Alliance, LLC who have a need to know such information in the course of their work. These individuals will be granted access to client sensitive information on a least privilege basis, meaning they will only be granted access to the information they need to perform their job duties.
Client sensitive information will be encrypted both at rest and in transit, using industry-standard encryption algorithms.
The company will implement firewalls and other network security measures to protect client sensitive information from unauthorized access.
The company will have a documented incident response plan in place, outlining the steps to be taken in the event of a security incident involving client sensitive information.
All security incidents involving client sensitive information will be reported to the appropriate individuals within the company and to any relevant regulatory authorities.
The company will conduct due diligence on any third-party vendors or service providers who may have access to client sensitive information and will put in place agreements requiring these vendors or service providers to protect client sensitive information in accordance with the company’s policies and procedures.
Audit and Compliance
The company will conduct regular audits of its policies and procedures related to client sensitive information, and will take any necessary steps to ensure compliance with all applicable laws and regulations.