The Marvin Ridge High School Parent-Teacher-Student Organization (MRHS PTSO) recognizes the importance of safeguarding personal data and information of students and their families. This policy outlines the MRHS PTSO’s commitment to maintaining the confidentiality, integrity, and availability of such data and ensuring responsible information handling by the MRHS PTSO Board and Committee members.
Scope
This policy applies to all MRHS PTSO board and committee members of the School PTSO who have access to personal data about students and their families.
Policy Objectives:
- Confidentiality: Ensure that personal data is accessed, used, and shared only by authorized individuals for legitimate purposes.
- Integrity: Prevent unauthorized modification, alteration, or destruction of personal data.
- Availability: Ensure that authorized individuals have access to personal data when required.
- Compliance: Adhere to applicable laws and regulations regarding data protection and privacy.
Policy Guidelines:
- Access Control:
- Personal data should only be accessible to MRHS Board and Committee members who require it to fulfill their responsibilities.
- Access to personal data should be granted based on role-based permissions and reviewed periodically by the Board President.
- Data Handling:
- Personal data must be used solely for legitimate purposes related to the PTSO's activities.
- Avoid sharing personal data via unencrypted email or other insecure means of communication.
- Electronic copies of personal data (i.e., reports created and/or downloaded from Membership Toolkit) should remove all personal information that is not necessary to provide the services and/or products to the families and/or students.
- Physical copies of personal data must be stored securely and not left unattended. Once physical copies of personal data are no longer needed, they should be disposed of in a timely and secure manner.
- Data Protection:
- Through the Membership Toolkit platform, measures to protect personal data from unauthorized access have been implemented, including unique username and password.
- Data Sharing:
- Personal data should only be shared with authorized parties and for approved purposes.
- Obtain explicit consent from individuals before sharing their personal data, whenever applicable.
Incident Reporting
Any suspected or confirmed security incidents involving personal data must be reported to MRHS PTSO President immediately at mrhspresident@gmail.com .
Training and Awareness
MRHS PTSO Board and Committee members are required to read and acknowledge the Information security Policy statement upon approval to serve in their role and prior to receiving administrative access to the Membership Toolkit platform. Further, all MRHS PTSO Board and Committee members are expected to foster a culture of awareness regarding the importance of data security and privacy.
Data Retention
Personal data should be retained only for as long as necessary to fulfill the purposes for which it was collected. Inactive contact records will be reviewed on a periodic basis and at least semi-annually, and information maintained in “outdated” contact records will be manually deleted.
Regular Review
The MRHS PTSO Board will periodically review and assess the effectiveness of the information security controls and practices to ensure ongoing compliance with this policy. Further, on an annual basis, the MRHS PTSO Board will review and approve the MRHS PTSO Privacy Notice and MRHS PTSO Information Security Policy Statement to reflect changes in technology, regulations, and organizational requirements.
Policy Enforcement
Non-compliance with this information security policy statement may result in removal from the MRHS PTSO and Committee, MRHS PTSO membership, and legal consequences if applicable.
MRHS PTSO Board Approval Date: 09/08/23