From: Scott McGrath <email@example.com>
To: Eduardo Gutentag <firstname.lastname@example.org>, email@example.com
Date: Thu, 9 Dec 2010 15:58:12 -0500
copying board-comment list and replying to Eduardo's message--which is not being forwarded to board-agenda...
I agree with replacing "resident" with "person or individual". I understand that you see that as helpful, I see it as harmless.
It is worth noting that the original language used was based on the need to comply with Massachusetts state law. (thus the word "resident") Operating in MA means we must comply with MA law.
This policy didn't attempt to address all potential issues globally-- it seems very murky how any other foreign local regulations would impact us, or if we could ever find all the words necessary to be in compliance with all jurisdictions.
Lastly, it might be worth considering if we are exposed to PFI from non-US residents. As a matter of practice the only situations that allow us to capture the data types typically defined as Personal Financial Information is for employees-- we do not record any PFI on members. We only employ folks in the US. People who look like employees outside the US are actually contractors, who are not required to provide any Personal Financial Information. We do capture enough bank account information necessary for us to wire payments -- but we believe most/all use a business shell or business account, therefore exempting themselves from any PFI considerations.
The definition of Personal Information seems to be
limited to persons residing in the United States, thus excluding
both some employees and many members of OASIS -- which according
to the "Objective" section should be covered by it. Also it would
appear that the word "resident" in the first sentence of the
Personal Information section is inappropriate in this context and
should be replaced by "person" or "individual".
On 12/08/2010 12:44 PM, Jim Hughes (LCA) wrote:
Posting the new Information Security Program/Policy for approval at next week's board meeting - agenda item 6.