Lancaster-Lebanon

Free Business Mentoring & Educational Opportunities in the Lancaster-Lebanon area

A. Introduction

SCORE Association and its affiliate, SCORE Lancaster, (“SCORE”) hereby implement this Privacy Policy pursuant to state and federal privacy regulations.

Members of SCORE’s workforce may have access to personal information (“PI”) in its course of its business, which includes, but is not limited to: 

The first name and last name or first initial and last name of an individual in combination with any one or more of the following data elements that relate to such individual: (a) Social Security number; (b) driver’s license number or state-issue identification card number; or (c) financial account number, credit card number, or debit card number with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; provided however, that “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

SCORE and its workforce members will not redisclose PI without prior consent from the individual.  However, when an individual submits a request to participate in online counseling, the individual is agreeing to the terms and conditions of our counseling.  The individual’s request to receive business management counseling from SCORE signifies the individual’s agreement to cooperate with SCORE if selected to participate in surveys designed to evaluate the individual’s business and permit SCORE to provide services to the individual.  If necessary or required, any information disclosed by SCORE to the Small Business Administration (SBA) or SBA representatives will be held in confidence to the extent that it will only be disclosed to SBA representatives to review and process applications; the information submitted in SBA applications will not be disclosed to commercial entities. If necessary or required, information will be disclosed to SBA representatives to process counseling applications. Relevant information will also be disclosed to assigned management mentor(s) if an individual requests such counseling from SCORE.

SCORE’s mentors and representatives do not provide advice pursuant to the authority of professional certifications or licenses that they may hold. SCORE’s mentors and representatives do not enter into relationships with individuals that entitle the individual to client privileges that may be associated with any professional certifications or licenses that our mentors may hold. SCORE does not engage in the practice of law. This includes, but is not limited to, providing specific legal advice, representing an individual in litigation or any legal proceeding, or otherwise practicing law as defined by applicable state law.  We do not engage in conduct that leads to the creation of any attorney-client relationship.

If commercially feasible, SCORE will destroy PI once the PI is no longer needed for SCORE to carry out its business operations. If it is not commercially feasible, SCORE will ensure that the PI is protected in accordance with this Privacy Policy.

It is SCORE’s policy to comply with all applicable federal and state privacy regulations relating to SCORE’s access to PI. To that end, all members of SCORE’s workforce who have access to PI must comply with this Privacy Policy.  For the purposes of this Policy, SCORE’s workforce includes individuals who would be considered part of the workforce under HIPAA such as employees, volunteers, trainees, and other persons whose work performance is under the direct control of SCORE, whether or not they are paid by SCORE. The term “employee” includes all of these types of workers.

No third-party rights are intended to be created by this Policy. SCORE reserves the right to amend or change this Policy at any time (and even retroactively) without notice. To the extent this Policy establishes requirements and obligations above and beyond those required of SCORE by federal or state law, the Policy shall be aspirational and shall not be binding upon SCORE.

B. SCORE’s Responsibilities

I. Privacy Official and Contact Person

There will be the Privacy Official for SCORE. The Privacy Official will be responsible for the development and implementation of policies and procedures relating to privacy of SCORE’s PI, including but not limited to this Privacy Policy. The Privacy Official will also serve as the contact person for individuals who have questions, concerns, or complaints about the privacy of their PI.

The Privacy Official is responsible for ensuring that SCORE complies with the provisions of federal or state laws, as applicable. 

II. Workforce Training

It is SCORE’s policy to train all members of its workforce who have access to PI on SCORE’s policies and procedures.  The Privacy Official is charged with developing training schedules and programs so that all workforce members receive the training necessary and appropriate to permit them to carry out their SCORE functions in compliance with applicable state and federal regulations.

III. Security Safeguards

SCORE will establish appropriate and commercially reasonable physical, electronic and managerial safeguards to prevent PI from intentionally or unintentionally being used or disclosed. Such safeguards include, but are not limited to, implementing procedures for use and disclosure of PI and limiting access to information by creating computer firewalls.

Firewalls will ensure that only authorized employees will have access to PI, that they will have access to only the minimum amount of PI necessary for SCORE to carry out its business functions, and that they will not further use or disclose PI in violation of applicable state or federal regulations.

IV. Sanctions for Violations of Privacy Policy

Sanctions for using or disclosing PI in violation of this Privacy Policy will be imposed in accordance with SCORE’s employee discipline policy, up to and including termination.

V. Mitigation of Inadvertent Disclosures of PI

SCORE shall mitigate, to the extent possible, any harmful effects that become known to it from a use or disclosure of an individual’s PI in violation of federal or state law or the policies and procedures set forth in this Privacy Policy. As a result, if SCORE becomes aware of an unauthorized use or disclosure of PI, the appropriate steps to mitigate harm to the participant will be taken.

VII. Workforce Must Comply With SCORE’s Policy and Procedures

All members of SCORE’s workforce (described at the beginning of this Policy and referred to herein as “employees”) who have access to PI must comply with this Policy.

IX. Breach Notification Requirements

SCORE will comply with state breach notification requirements to provide all required notification if SCORE discovers a breach of PI.