Data Protection Policy 

Policy 

This policy refers to the Cranbrook Food Bank’s commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. 

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. 

This policy establishes a standard for how confidential or personal data must be collected, handled and stored to protect against potential data breaches. 

Scope 

This policy is applicable to all parties (employees, volunteers, donors, vendors, clients, suppliers, contractors) who provide any amount of information to us. Generally, our policy refers to anyone who collaborates with us or acts on our behalf and may need occasional access to data.

Responsibilities 

The Cranbrook Food Bank has responsibility for ensuring data is collected, stored and handled appropriately. Each group or individual that handles data must ensure that it is handled and processed in line with this policy. 

Cranbrook Food Bank will provide training to all employees and volunteers to help them understand their responsibilities when handling data. Anyone who is unsure about any aspect of data protection or storage should request assistance. 

Board of Directors 

The Board of Directors is ultimately responsible for ensuring that Cranbrook Food Bank meets its legal obligations regarding data privacy. 

Cranbrook Food Bank Employees and Volunteers 

Ensure sensitive data is kept secure by taking precautions and following these guidelines:

  • Utilizing strong passwords which are not shared.
  • Not disclosing sensitive data to unauthorized parties internal or external to Cranbrook Food Bank.

Data Storage 

Any personal information entrusted to Cranbrook Food Bank will be protected with a combination of technological and procedural security controls to prevent the details being accessed by non-authorized personnel, stolen, modified or in any other way divulged to unauthorized persons. 

Physical Copies 

Any data stored on paper should be stored in a secure location where unauthorized individuals cannot see or access it. The guidelines below apply to all physical copies of data. 

  • When not in use should be kept in a locked drawer or cabinet 
  • Should not be left where unauthorized individuals could see them 
  • Should be shredded and disposed of securely when no longer required for business or retention purposes. 

Electronic Data 

Electronic data must be protected from unauthorized access, accidental deletion and hacking attempts. The guidelines below apply to all electronic data. 

  • Should be protected by strong passwords that are changed regularly and never shared. 
  • Only stored on Cranbrook Food Bank’s OneDrive, SharePoint, or other cloud services. 
  • Data should be backed up frequently. 
  • Shall be protected with approved security software and a firewall. 
  • No data shall be saved on an employee’s laptop or on external media such as an external hard drive unless expressly authorized by the Executive Director. 

Data Use and Exchange 

All information, data and documents are to be the responsibility of the owner of the item, or a custodian appointed by the owner of the item. 

When working with personal or sensitive data, employees and volunteers must ensure their computer is locked when unattended. 

Sensitive information must not be recorded on voice mail systems.

If sensitive information is being shared on a phone call, the individual sharing is responsible for ensuring that all participants take reasonable precautions to prevent the information from being overheard. 

Data Disposal 

All data must be disposed of when it is no longer necessary for business purposes or exceeds the data retention requirements. 

Physical documents should be shredded and disposed of in a secure manner. 

Individual files should be deleted from the system, and the user should ensure residual copies are also cleared from the recycle bin application if deleted on a computer. 

All physical drives or removable media holding sensitive data must be returned to the Executive Director.