AmericanChecked recognizes its need to maintain the confidentiality of Personal Identity Information (PII). The PII covered by this policy may come from various sources including, but not limited to, employees, clients, applicants, vendors and any PII maintained in its systems. The scope of this policy is intended to be comprehensive, without disclosing technical details that could be used by those with malicious intent and includes requirements for the security and protection of PII information accessed by AmericanChecked and its vendors. Departments named in this policy have responsibility for implementing procedural guidance to ensure that their departmental responsibilities under this policy are communicated and enforced. Personally identifiable information is information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. including, but not limited to;
Individual(s) or companies that have been approved by AmericanChecked as a recipient of PII, from which AmericanChecked has received certification of their data protection practices in conformance with the requirements of this policy. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
AmericanChecked understands the importance of minimizing the amount of PII data it maintains and will retain such PII only as long as necessary. A joint task force comprising members of the Accounting, IT, Compliance, Operations and Human Resources departments maintain organizational record retention procedures, which dictate the length of data retention and data destruction methods for both hard copy and electronic records.
All new employees who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy for the maintenance of PII and shall receive annual training regarding the security and protection of PII and company proprietary data.
AmericanChecked conducts audits of PII information maintained by the company in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with regulations for destruction of such records and logs maintained for the dates of destruction. Accounting, IT, Compliance, Operations and Human Resources departments under direct supervision of executive management conduct these audits.
Databases or data sets that include PII may be breached through authorized or unauthorized access. Upon becoming aware of a data breach, the Compliance department will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the breach. The Compliance department will handle breach notifications(s) to all governmental agencies to who such notice must be provided in accordance with requirements specified under these laws. Notices to affected individuals will be communicated by Operations after consultation with the Compliance department as specified under the appropriate law(s). Gramm-Leach-Bliley Act, The Privacy Act of 1974, Fair Credit Reporting Act
AmericanChecked maintains multiple IT systems where PII data may reside; thus, user access to such IT systems is the responsibility of the IT department. The IT department has created internal controls for such systems to establish legitimate access for users of data, and access shall be limited to those approved by IT. Any change in vendor status or the termination of an employee or independent contractor with access will immediately result in the termination of the user’s access to all systems with access to PII.
It is the policy of the company to comply with any international, federal or state statute and reporting regulations. AmericanChecked has delegated the responsibility for maintaining PII security provisions to the departments noted in this policy. AmericanChecked’s Compliance department shall be the sole entity named to oversee all regulatory reporting compliance issues. If any provision of this policy conflicts with a statutory requirement of international, federal or state law governing PII, the policy provision(s) that conflict shall be superseded. Gramm-Leach-Bliley Act, The Privacy Act of 1974, Fair Credit Reporting Act
If an employee has reason to believe that PII data covered by this policy has been breached or that company representative(s) are not adhering to the provisions of this policy, the employee should call or contact a Human Resources representative at the employee’s location.
All company employees must maintain the confidentiality of PII as well as proprietary company information to which they may have access and understand that such information is to be restricted to only those with a business need to know. Employees with ongoing access to such information will sign acknowledgment reminders annually attesting to their understanding of this requirement.
AmericanChecked views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under the company’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in the company’s PII new hire and refresher training to reinforce the company’s continuing commitment to ensuring that this data is protected by the highest standards.
If you have any questions regarding our policy, you may contact our Chief Operations Officer at:
Mailing Address: AmericanChecked; 4870 S. Lewis, Ste. 120; Tulsa, OK 74105