- PURPOSE
The purpose of this policy is to establish the requirements to ensure the protection of data collected, compiled, used, disclosed, or stored by Caregivers Alberta and protect the integrity of information technology resources against unauthorized and malicious use.
- SCOPE
Applies to Board of Directors, Management, Employees (FT, PT, Temporary, Casual), Contractors, Volunteers and Students utilizing Caregivers Alberta information technology systems.
- POLICY
3.1. Data owners or organizational representative are responsible for classifying data and for requesting access for their staff.
3.2. Data owners or organizational representative, in collaboration with IT, are responsible for setting the data protection standards for all data under their ownership.
3.3. Data collected, compiled, used, disclosed, or stored by Caregivers Alberta shall have a designated responsible employee in each department who shall classify and manage data for that department and ensure this policy is followed.
3.3.1. Data access and storage requirements shall be commensurate to those staff with valid business reasons to access the records.
3.3.2. Physical data, such as paper documents, personnel files, board meetings minutes, program documentation, training materials, accounting materials, etc. shall be stored in a secure location, such as a locked office or locked filing cabinet.
3.3.3. Systems access shall be managed through the use of a unique user account and strong password such as password complexity requirements and Multi Factor Authentication.
3.3.4 Protected digital data shall be maintained and controlled at designated and approved storage site as per the Executive Director.
3.4. All Caregivers Alberta staff are responsible for using information technology resources in a secure manner, including but not limited to not clicking on suspicious links or opening suspicious email attachments.
3.5. Access to any wired or wireless network connected information technology resource shall be via a log-on process identifying and authenticating the user. Where network security is in question, an approved Virtual Private Network (VPN) solution shall be used.
3.6. Anyone who witnesses unacceptable use of Caregivers Alberta information technology resources or who suspects an information security incident occurrence or breach shall report it immediately to the Information Technology Administrator and the Executive Director.
Privacy concerns?
Contact the Executive Director at office@caregiversalberta.ca.