CHARLES COUNTY_Technical Proposal_USB

STUDENT DATA PRIVACY USAGE

Storefront Privacy Policy This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website PCI Compliance The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment This applies to any merchant that has a Merchant ID Protecting Visitor Information An SSL certificate is used to encrypt all information provided by the user No credit card information is stored on our servers A payment gateway provider is used for all monetary transactions

Data Security Our Data Management Team will work directly with the district’s IT Department or school to obtain the student data needed for picture day and service items In the course of performing the function of providing photography services, we will only release information in the following circumstances: Mailing (digital or printed) information to families regarding purchasing photographs The student information submitted is confidential information and shall be used only for the purposes stated in the agreement We agree not to share or disclose this data with any third-party outside of the purposes stated in this proposal, unless required to do so by law or other agency regulations Barksdale Portal This network is protected with security that includes firewalls and application firewalls Logins are assigned with rights and rules created by user SSL encryption maintains confidentiality of data transmission over networks

CYBER INCIDENT RESPONSE PLAN (IRP)

• Detection and discovery • Escalation • Investigation and Analysis • Evidence Preservation • Communications and Notifications • Follow-Up Investigation

• Response to Regulatory Inquiry and/or Litigation • Post-Incident Review • Plan Maintenance and Training • Testing and Review.

35