PENNSBURRY_9-12_Flipbook

STUDENT DATA PRIVACY USAGE

Storefront Privacy Policy This privacy policy is crafted to address the concerns of individuals regarding the usage of their ‘Personally Identifiable Information’ (PII) online. PII, as defined in US privacy law and information security, refers to information that, either alone or in conjunction with other data, can identify, contact, locate, or contextualize a single person. We encourage you to thoroughly read our privacy policy to gain a comprehensive understanding of how we collect, use, protect, and handle your Personally Identifiable Information in alignment with our website practices. PCI Compliance The Payment Card Industry Data Security Standard (PCI DSS) comprises a set of requirements meticulously crafted to guarantee that every entity engaged in processing, storing, or transmitting credit card information upholds a secure environment. This mandate is applicable to all merchants possessing a Merchant ID. Protecting Visitor Information An SSL certificate is used to encrypt all information provided by the user. No credit card information is stored on our servers. A payment gateway provider is used for all monetary transactions.

Data Security Our Data Management Team will collaborate directly with the district’s IT Department or school to acquire the necessary student data for picture day and related services. While delivering photography services, we commit to releasing information solely under the following circumstances: mailing (digital or printed) information to families regarding photograph purchases. The student information provided is deemed confidential and shall be utilized exclusively for the purposes outlined in the agreement. We pledge not to share or disclose this data to any third party beyond the specified purposes in this proposal, unless compelled to do so by law or other regulatory agency requirements. Barksdale Portal Security measures safeguard this network, incorporating both firewalls and application firewalls. User logins are granted with specific rights and governed by established rules. SSL encryption is implemented to preserve the confidentiality of data during transmission across networks.

CYBER INCIDENT RESPONSE PLAN (IRP)

• Detection and Identification • Escalation Procedures • Investigation and Analysis Processes • Preservation of Evidence • Communication and Notification Protocols

• Subsequent Investigation Steps • Response to Regulatory Inquiry and/or Litigation • Post-Incident Review • Ongoing Plan Maintenance and Training • Testing and Evaluation

7