What is Data (Privacy) Management Protection about?
Protecting Private Information
We should all be concerned about protecting private information, both our own and that of our customers. By the nature of our work, we all handle personal information every day. Documents with personal information are on our computers and in our files. These documents need to be kept safe so we do not expose ourselves to any unnecessary risks.
What do you mean by Personal Information?
Personal information (sometimes referred to as personally identifiable information) is information that concerns, or can be related to, an identifiable individual. Some examples of personal information are as follows: Name, Home or e-mail address, Date of Birth, National Identification number (for example, a Social Security or Social Insurance Number), and even Physical characteristics (passport photos etc.).
What are the specific risks of having inadequate privacy policies and procedures related to Data (Privacy) Protection Management?
If a data leak resulting in data compromise occurs, it can lead to identity theft, which can damage an individual's finances or trust level. Improper use of data can also damage the organization’s reputation, brand, or business relationships. Sometimes there are legal liabilities or industry or regulatory sanctions as a result as well. This could also mean lost business and a consequential reduction in revenue and market share, which can greatly disrupt our operations. There are many risks, and consequently many reasons we should all be informed and care about protecting our data.
What is a Privacy Notice?
A privacy notice is a statement of the overall intentions and direction of a company, describing its commitment regarding how personal information is collected, used, retained, disclosed, and disposed of.
By privacy we mean the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.
These 10 privacy principles are essential to the proper protection and management of individual client’s personal and sensitive information. They are based on internationally known fair information practices included in many privacy laws and regulations of various jurisdictions around the world and recognized good privacy practices.
S&M Moving Systems adheres to the recommended FIDI 10 privacy principles as follows:
1. Management: All of us are accountable to uphold our privacy policies and procedures:
· Observe fully conditions regarding the collection and use of information
· Meet our legal obligations to specify the purposes for which information is used
· Collect and process appropriate information, and only to the extent that it is needed to fulfill our operational needs or to comply with any legal requirements
2. Notice: S&M Moving Systems notifies our clients and customers about our privacy policies and procedures in our contracts and individual quotations. Our notice is also available on the smmoving.com website.
3. Choice and consent: S&M Moving Systems describes the choices available to the individual with respect to the collection, use, and disclosure of personal information when asked to do so. By engaging S&M Moving Systems for your international relocation, you give your explicit consent with respect to the collection, use, and disclosure of personal information.
4. Collection: S&M Moving Systems collects personal information only for S&M Moving Systems work purposes. We use customer information to service our accounts, process claims, ensure proper billing, and to offer the customer other services and products that may suit their needs.
5. Use, retention, and disposal: S&M Moving Systems retains personal information for only as long as required by law or regulations and thereafter appropriately disposes of such information.
6. Access: S&M Moving Systems provides individuals with access to their personal information for review and update.
7. Disclosure to third parties: S&M Moving Systems discloses personal information to third parties only for work purposes and with the implicit or explicit consent of the individual.
8. Security for privacy: S&M Moving Systems protects personal information against unauthorized access (both physical and logical). Personal data will only be accessible to authorized staff.
9. Quality: S&M Moving Systems maintains accurate, complete, and relevant personal information for the purposes identified in this notice. We retrieve your personal data from emails you shared with us, your employer and/or relocation company and from documents you share with S&M Moving Systems.
10. Monitoring and enforcement: S&M Moving Systems monitors compliance with its privacy policies and procedures and has procedures to address privacy related complaints and disputes. All S&M Moving Systems staff is aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.
What does S&M Moving Systems do to protect Personal Information?
· S&M Moving Systems does a great job of protecting our customer (and employee) data through a combination of management efforts, notifications to clients and customers, internal safeguards, access control points, monitoring and enforcement mechanisms.
· S&M Moving Systems maintains a private network. (Domain LAN with an EVOLVE Managed Network).
· S&M Moving Systems also maintains updated virus protection and patches on all machines. (McAfee Virus Scan Enterprise version).
· Data backups are done hourly; they are encrypted and sent off-site daily. (Barracuda backup hardware runs daily at all our sites and is replicated to our Data Center daily as well.)
· Firewalls are in place to ensure that outside attacks are kept from our data. (Evolve Managed Network)
· Management conducts monitoring and reporting on all systems, software, and hardware daily. (S&M’s IT department keeps up to date on the health and accounting of our IT infrastructure.)
· S&M Moving Systems also protects data internally by limiting access, through Group Policy, to only appropriate associates whose duties require them to access the data. Some Group Policies in place prevent users from uploading or downloading data to external media. (Access to the S&M Network and its data is managed through Active Directory & Group Policy. We manage the ability of our employees to access data and can disconnect their access at any time.)
· Passwords are changed every 180 days by the user and an idle timeout feature has been implemented for all users on all machines.
· Customers' personal information is classified "Private and Important". S&M Moving Systems and its appointed service providers shall protect the information collected from customers. S&M Moving Systems shall brief customers about how we use their information in the course of the services S&M Moving Systems provides.
Customers can change or update their personal details by email to the respective sales representative they liaise with or the move coordinator assigned to monitor their move. Changes to customers' personal details cannot be completed via phone calls.
· Upon accepting the S&M Moving Systems move quotation, the customer agrees to release their personal details to S&M Moving Systems and appointed supply chain providers for the move process. The customer may choose not to allow the sharing of their information with third parties. However, if the customer does not allow sharing of their information, S&M Moving Systems will not be able to process their move services. The customer's option of allowing or denying the Information to be shared shall affect the final move process. S&M Moving Systems needs to obtain written confirmation from the customer in the event the customer decides not to share their personal details with S&M Moving Systems supply chain vendors.
· These standards require personal data such as passport photo copy, full name, home address, mobile/telephone contact, email address or other Information collected from customers to be shared only with S&M Moving Systems appointed supply chain service providers that expedite customers' relocation service. All third parties are prohibited from using customer personal information except to provide services for their relocation. Supply Chain service providers are required to maintain the confidentiality of customer information at all times. The passport photo copy (hard copy) used for customs clearance is to be disposed of from the supply chain job file within a period of 14 days after completion of each shipment. A soft copy can be saved to the company i-Cloud, which is password protected and which only the General Manager / Branch Manager can access. Complete deletion or removal of personal data, especially the passport copy, from i-Cloud storage takes place a maximum of 3 years from completion of shipment.
· The Move Quote provided by sales or surveyors to customers must contain a "Data (Privacy) Protection Management" clause that clearly states “all personal documents (especially) passport copy will be disposed of after 14 days completion of move job.”
· Data users, including S&M Moving appointed freight forwarders, are also required by these standards to have a schedule of disposal for S&M Moving customers' personal data where it has been inactive for a period of 14 days. These standards are considered the "minimum" standards to be observed by data users, as each and every requirement of these standards must be implemented as part of the data user's policy in its handling of personal data of S&M Moving customers. Data users, including S&M Moving appointed freight forwarders, who fail to comply with the 14-day disposal period shall be terminated from their duty or appointment.
In order to assure that the freight forwarders or appointed agents comply with the above-mentioned requirement, Data Privacy Protection Management will be acknowledged by each freight forwarder or appointed agent annually.
Unigroup also maintains a robust data protection program that focuses on protecting the confidentiality, integrity, and availability of information. Unigroup employs enterprise-class technologies that provide network-based intrusion detection and multiple-firewall segmentation to protect the network infrastructure. End-user workstations are protected using host-based intrusion prevention, anti-virus, and anti-malware software. Corporate laptops are in the process of being further protected with drive encryption software. Production applications are hosted in a multi-tier secured data center environment that utilizes mid-range virtual application servers and mainframe transactional and database services. Credit card transactions are tokenized, removing all risk associated with payment card processing.
What else can S&M Moving Systems or I do to protect personal data?
You can be aware of what personal data is and be careful when handling or sharing it. In our business, we outsource services to other agents all over the country and all over the world. Outsourcing increases the complexity of dealing with privacy. Complexity increases when the entity that performs the outsourced service is in a different country and may be subject to different privacy laws or perhaps no privacy requirements at all. In such circumstances, S&M Moving Systems notifies our agents that they also need to ensure that they are managing their privacy responsibilities appropriately.
S&M Moving Systems will review Data Privacy Protection on an annual basis and update it to meet local law and moving industry requirements. We also regularly update our employees on the importance of data privacy information.
S&M Moving Systems advises our agents worldwide that we uphold the standards of data privacy.
Customers who have an inquiry about Data Privacy Protection, or who feel that S&M Moving Systems has not taken the appropriate steps to protect the privacy of their Information, can contact S&M Moving Systems at 1-800-234-7554, Mike Dahl, General Manager or email@example.com
Glossary of Terms
Privacy: The rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.
Data (Privacy) Protection Management: Systematic application of management policies, procedures and practices with respect to the collection, use, retention, disclosure, and disposal of personal information in conformity with the commitments described in the Applicant’s Privacy Notice.
Privacy Notice: Statement of the overall intentions and direction of a company, describing its commitment regarding how Personal Information is collected, used, retained, disclosed, and disposed of.
Personal information: (sometimes referred to as personally identifiable information) information that concerns, or can be related to, an identifiable individual. Individuals, for this purpose, include prospective, current, and former customers, employees, and others with whom the entity has a relationship. Most information collected by an organization about an individual is likely to be considered personal information if it can be attributed to an identified individual. Some examples of personal information are as follows:
· Home or e-mail address
· Date of Birth
· Identification number (for example, a Social Security or Social Insurance Number)
· Physical characteristics
Sensitive information: Some personal information is considered sensitive. Some laws and regulations define the following to be sensitive personal information:
· Information on medical or health conditions
· Financial information
· Racial or ethnic origin
· Political opinions
· Religious or philosophical beliefs
· Trade union membership
· Sexual preferences
· Information related to offenses or criminal convictions
Privacy or Confidentiality?
Unlike personal information, which is often defined by law or regulation, no single definition of confidential information exists that is widely recognized. In the course of communicating and transacting business, partners often exchange information or data that one or the other party requires be maintained on a “need to know” basis. Examples of the kinds of information that may be subject to a confidentiality requirement include the following:
· Transaction details
· Engineering drawings
· Business plans
· Banking information about businesses
· Inventory availability
· Bid or ask prices
· Price lists
· Legal documents
· Revenue by client and industry
Also, unlike personal information, rights of access to confidential information to ensure its accuracy and completeness are not clearly defined. As a result, interpretations of what is considered to be confidential information can vary significantly from organization to organization and, in most cases, are driven by contractual arrangements.
Explicit consent: “Explicit” in the data protection world generally means “specific”. In other words, the consent must specify the particular types of data, the specific purposes for which they may be used and/or the countries to which they may be disclosed.
Implicit consent: “Implicit” refers to “not specific”. It is consent which is not expressly granted by a person or company, but rather inferred from a person or company's actions and the facts and circumstances of a particular situation.
Supply Chain: A Supply Chain is a system of organizations, companies, people, activities, information, and resources involved in moving a product or service from supplier to customer.
Supply Chain Management: The network created amongst different companies producing, handling and/or distributing a specific product or service. Specifically, the supply chain encompasses the steps it takes to get a good or service from the supplier to the customer. Supply chain management is a crucial process for many companies, and many companies strive to have the most optimized supply chain because it usually translates to being able to deliv