Members of SCORE’s workforce may have access to personal information (“PI”) in its course of its business, which includes, but is not limited to:
The first name and last name or first initial and last name of an individual in combination with any one or more of the following data elements that relate to such individual: (a) Social Security number; (b) driver’s license number or state-issue identification card number; or (c) financial account number, credit card number, or debit card number with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; provided however, that “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
SCORE and its workforce members will not redisclose PI without prior consent from the individual. However, when an individual submits a request to participate in online counseling, the individual is agreeing to the terms and conditions of our counseling. The individual’s request to receive business management counseling from SCORE signifies the individual’s agreement to cooperate with SCORE if selected to participate in surveys designed to evaluate the individual’s business and permit SCORE to provide services to the individual. If necessary or required, any information disclosed by SCORE to the Small Business Administration (SBA) or SBA representatives will be held in confidence to the extent that it will only be disclosed to SBA representatives to review and process applications; the information submitted in SBA applications will not be disclosed to commercial entities. If necessary or required, information will be disclosed to SBA representatives to process counseling applications. Relevant information will also be disclosed to assigned management mentor(s) if an individual requests such counseling from SCORE.
SCORE’s mentors and representatives do not provide advice pursuant to the authority of professional certifications or licenses that they may hold. SCORE’s mentors and representatives do not enter into relationships with individuals that entitle the individual to client privileges that may be associated with any professional certifications or licenses that our mentors may hold. SCORE does not engage in the practice of law. This includes, but is not limited to, providing specific legal advice, representing an individual in litigation or any legal proceeding, or otherwise practicing law as defined by applicable state law. We do not engage in conduct that leads to the creation of any attorney-client relationship.
No third-party rights are intended to be created by this Policy. SCORE reserves the right to amend or change this Policy at any time (and even retroactively) without notice. To the extent this Policy establishes requirements and obligations above and beyond those required of SCORE by federal or state law, the Policy shall be aspirational and shall not be binding upon SCORE.
B. SCORE’s Responsibilities
I. Privacy Official and Contact Person
The Privacy Official is responsible for ensuring that SCORE complies with the provisions of federal or state laws, as applicable.
II. Workforce Training
It is SCORE’s policy to train all members of its workforce who have access to PI on SCORE’s policies and procedures. The Privacy Official is charged with developing training schedules and programs so that all workforce members receive the training necessary and appropriate to permit them to carry out their SCORE functions in compliance with applicable state and federal regulations.
III. Security Safeguards
SCORE will establish appropriate and commercially reasonable physical, electronic and managerial safeguards to prevent PI from intentionally or unintentionally being used or disclosed. Such safeguards include, but are not limited to, implementing procedures for use and disclosure of PI and limiting access to information by creating computer firewalls.
Firewalls will ensure that only authorized employees will have access to PI, that they will have access to only the minimum amount of PI necessary for SCORE to carry out its business functions, and that they will not further use or disclose PI in violation of applicable state or federal regulations.
V. Mitigation of Inadvertent Disclosures of PI
VII. Workforce Must Comply With SCORE’s Policy and Procedures
All members of SCORE’s workforce (described at the beginning of this Policy and referred to herein as “employees”) who have access to PI must comply with this Policy.
IX. Breach Notification Requirements
SCORE will comply with state breach notification requirements to provide all required notification if SCORE discovers a breach of PI.