|
We recognize our obligation to keep information about you secure and confidential and we carefully manage this information to give you the best service with the most convenience. We keep all of this information secure because we value your trust and we will always handle information about you and your customers with care.
WE limit access to Customer information to those associates who need to know it so that they can provide products and services to you or to support those products and services.
WE are bound by a code of ethics that requires confidential treatment of Customer information and our associates are subject to disciplinary or legal actions if they fail to adhere to our strict standards.
WE maintain physical, procedural and electronic safeguards to protect all Customer information
WE are constantly assessing new technology to protect all of our data and information and to upgrade our system when it seems appropriate.
Keeping information for our members accurate and up to date is very important to us and making sure it stays accurate is our first priority. In order to do that we have provided you with access to information through the on-line and wireless technology. We will always respect your privacy using the most modern safeguards possible in order to hold all information confidential and secure. To protect that information, we have developed several innovative precautions in physical, electronic and procedural standards that are compliant with federal regulations.
WE encrypt all data to prevent interception by a third party.
WE employ the use of firewalls and routers.
WE password protect all accounts.
WE background check and drug test all employees who have access to any of your information.
To help maintain the protection we have in place for you, we need your help and we suggest the following steps:
- Don't give your ID or password to anyone.
- Remember to sign off when you complete a secure online transaction.
- Change your password regularly.
- Watch for the secure connection symbol Icon (Lock in the corner of your screen) before transmitting confidential information.
Under no circumstances do we offer or provide information to any companies for the purpose of independent telemarketing or direct mail marketing. However, certain federal and state statutes may require us to disclose information about you. For instance, if you are involved in litigation with a third party, we may be ordered to provide information to a court or the other litigant. In this circumstance, only the specified information required by law, court order or subpoena will be dispersed.
We encourage you to notify us if you note incomplete or inaccurate information and we will promptly provide technical support. If at any time you feel that we have handled your customer information in a less than professional manner, please contact us and we will thoroughly investigate your concerns or complaints.
MAPLE HILL CREDIT UNION
PRIVACY AND SECURITY PROGRAM
PURPOSE OF THE POLICY
THE PURPOSE OF THIS POLICY IS TO INSURE THAT MAPLE HILL CREDIT UNION COMPLIES WITH EXISTING FEDERAL AND STATE LAWS WITH RESPECT TO THE PRIVACY AND SECURITY OF MEMBER'S NONPUBLIC PERSONAL INFORMATION.
GENERAL PROVISIONS
MAPLE HILL CREDIT UNION SHALL PROTECT THE CONFIDENTIALITY, SECURITY, AND INTEGRITY OF EACH MENBER'S NONPUBLIC PERSONAL INFORMATION IN ACCORDANCE WITH EXISTING STATE AND FEDERAL LAWS.
THE CREDIT UNION WILL MAINTAIN PHYSICAL, ELECTRONIC, AND PROCEDURAL SAFEGUARDS THAT COMPLY WITH FEDERAL STANDARDS TO GUARD MEMBERS' NONPUBLIC PERSONAL INFORMATION.
THE CREDIT UNION WILL NOT GATHER, COLLECT, OR MAINTAIN ANY INFORMATION ABOUT ITS MEMBERS THAT IS NOT NECESSARY IN ORDER TO OFFER ITS PRODUCTS AND SERVICES, TO COMPLETE MEMBER TRANSACTIONS OR FOR OTHER RELEVANT BUSINESS PURPOSES.
THE CREDIT UNION DOES NOT, AND WILL NOT, SELL OR PROVIDE ANY MEMBER INFORMATION TO THIRD PARTIES INCLUDING LIST SERVICES, TELEMARKETING FIRMS, OR OUTSIDE COMPANIES FOR INDEPENDENT USE.
INFORMATION SECURITY PROGRAM
MANAGEMENT OF MAPLE HILL CREDIT UNION SHALL BE RESPONSIBLE FOR DEVELOPING, IMPLEMENTING, AND MAINTAINING AN EFFECTIVE INFORMATION SECURITY PROGRAM TO:
1. INSURE THE SECURITY AND CONFIDENTIALITY OF MEMBERS RECORDS AND INFORMATION.
2. PROTECT AGAINST ANY ANTICIPATED THREATS OR HAZARDS TO THE SECURITY OR INTEGRITY OF SUCH RECORDS.
3. PROTECT AGAINST UNAUTHORIZED ACCESS TO OR USE OF SUCH RECORDS OR INFORMATION THAT WOULD RESULT IN SUBSTANTIAL, HARM OR INCONVENIENCE TO ANY MEMBER,
MANAGEMENT SHALL REGULARLY (NO LESS THAN ANNUALLY) REPORT TO THE BOARD OF DIRECTORS ON THE CURRENT STATUS OF THE CREDIT UNION INFORMATION SECURITY PROGRAM.
ASSESSMENT OF RISK
IN ORDER TO ABSESS THE RISKS THAT MAY THREATEN THE SECURITY, CONFIDENTIALITY, OR INTEGRITY OF MEMBER INFORMATION OR MEMBER INFORMATION SYSTEMS, THE CREDIT UNION SHALL:
1. IDENTIFY ALL REASONABLY FORESEEABLE INTERNAL AS WELL AS EXTERNAL THREATS THAT CAN RESULT IN UNAUTHORIZED DISCLOSURE, OR DESTRUCTION OF MEMBER INFORMATION OR MEMBER INFORMATION SYSTEMS.
2. DETERMINE THE LIKELIHOOD AS WELL AS POTENTIAL DAMAGE OF THE INTERNAL AND EXTERNAL THREATS.
3. DETERMINE THE SUFFICIENCY OF THE CREDIT UNION'S POLICIES, PROCEDURES AND MEMBER INFORMATION SYSTEMS TO CONTROL THE IDENTIFIED RISKS.
MANAGEMENT AND CONTROL OF RISK
IN ORDER TO MANAGE AND CONTROL THE RISKS THAT HAVE BEEN IDENTIFIED, THE CREDIT UNION SHALL:
1. ESTABLISH WRITTEN PROCEDURES DESIGNED TO IMPLEMENT, MAINTAIN AND ENFORCE THE CREDIT UNION'S INFORMATION SECURITY PROGRAM.
2. LIMIT ACCESS TO THE CREDIT UNION'S MEMBER INFORMATION SYSTEMS TO AUTHORIZED EMPLOYEES ONLY.
3. ESTABLISH CONTROLS TO PREVENT EMPLOYEES FROM PROVIDING MEMBER INFORMATION TO UNAUTHORIZED INDIVIDUALS.
4. LIMIT ACCESS AT THE CREDIT UNIONS PHYSICAL LOCATIONS CONTAINING MEMBER INFORMATION, SUCH AS BUILDINGS, COMPUTER FACILITIES, AND RECORDS STORAGE FACILITIES TO AUTHORIZED INDIVIDURLS ONLY.
5. PROVIDE ENCRYPTION OF ELECTRONIC MEMBER INFORMATION INCLUDING BUT NOT LIMITED TO INFORMATION IN TRANSIT OR IN STORAGE ON NETWORKS OR SYSTEMS TO WHICH UNAUTHORIZED INDIVIDUAL MAY HAVE ACCESS.
6. ENSURE THAT MEMBER INFORMATION SYSTEMS MODIFICATIONS ARE CONSISTENT WITH THE CREDIT UNION'S INFORMATION SECURITY PROGRAM.
7. IMPLEMENT DUAL CONTROL PROCEDURES, SEGREGATION OF DUTIES, AND EMPLOYEE BACKGROUND CHECKS FOR EMPLOYEES WITH RESPONSIBILITIES FOR OR ACCESS TO MEMBER INFORMATION.
8. MONITOR THE CREDIT UNION'S SYSTEMS AND PROCEDURES TO DETECT ACTUAL AND ATTEMPTED ATTACKS ON OR INTRUSIONS INTO THE MEMBER IMFORMATION SYSTEMS.
9. ESTABLISH RESPONSE PROGRAMS THAT SPECIFY ACTIONS TO BE TAKEN WHEN THE CREDIT UNION SUSPECTS OR DETECTS THAT UNAUTHORIZED INDIVIDUALS HAVE GAINED ACCESS TO MEMBER INFORMATION SYSTEMS, INCLLIDING APPROPRIATE REPORTS TO REGULATORY AND LAW ENFORCEMENT AGENCIES.
10. IMPLEMENT MEASURES TO PROTECT AGAINST DESTRUCTION, LOSS, OR DAMAGE OF MEMBER INFORMATION DUE TO ENVIRONMENTAL HAZARDS, SUCH AS FIRE AND WATER DAMAGE OR TECHNICAL FAILURES.
11. REGULARLY TEST, MONITOR, EVALUATE, AND ADJUST AS APPROPRIATE, THE INFORMATION SECURITY PROGRAM IN LIGHT OF ANY RELEVANT CHANGES IN TECHNOLOGY, AND INTERNAL OR EXTERNAL THREATS TO THE CREDIT UNION'S INFORMATION SECURITY SYSTEMS.
12. REGULARLY TEST THE KEY CONTROLS, SYSTEMS, AND PROCEDURES OF THE INFORMATION SECURITY PROGRAM.
13. ENSURE THAT ALL CONTRACTS WITH SERVICE PROVIDERS CONTAIN APPROPRIATE PROVISIONS REQUIRING THE SERVICE PROVIDER TO PROTECT THE CONFIDENTIALITY OF THE CREDIT UNION MEMBER'S NONPUBLIC PERSONAL INFORMATION.
Adapted May 15, 2001 | 
