Effective Date: 11/30/2016
Approval: SFPE Board of Directors
Policy: It is the policy of the SFPE to protect against the unauthorized access, use, corruption, disclosure, and distribution of sensitive information. SFPE respects your privacy and is committed to protecting it at all times.
Responsibility: SFPE shall appoint an Information Security Officer to review and maintain Procedures and monitor compliance with the guidelines set forth in the Procedures.
Information we collect -- When you browse our www.SFPE.org, and do not interact with the site for any online service or product from the SFPE, you browse anonymously. Information that identifies you personally--such as your name, address, phone number and email address--is not collected as you browse.
When you create an account to become a registered user on our sites, or choose to interact with us in other ways, such as subscribing to SFPE publications, purchasing an SFPE product, applying for SFPE membership, participating in online surveys, submitting questions or comments or requesting information or materials, we will collect certain personal information from you. The type will vary but may include name, address, phone number, birth date, billing and delivery information, email address, credit card information and other demographic information. We do not collect Social Security numbers via any SFPE website. The product or service that you seek will determine the personal information collected.
How we use personal information -- Once collected, we may use your personal information for the following purposes:
You can manage your account, limit alerts or opt-out of some or all future communications. All e-mail communications contain an “unsubscribe” option in case you want to discontinue the communication at any time. Contact us via the phone number or contact form on our website at any time to:
When we hire vendors to deliver emails to you on our behalf, they are under agreement and limited from using your email address and other personal information for any other purpose.
These email messages may contain "clear GIFs" or "Web beacons" to measure the offer’s effectiveness so we know how to serve you better. We do not collect information that identifies you personally through "clear GIFs" or "Web beacons." You may refuse or remove the placement of these and other cookies by selecting the appropriate settings on your web browser.
How to opt out of email -- To opt out of future emails and newsletters, go to our SFPE e-newsletter sign-up page or click the "unsubscribe" link at the bottom of any email or e-newsletter from the SFPE. You also can call the SFPE at (301) 718-2910
With whom we may share information -- SFPE may share personal information (except your email address) with our business partners in order to provide them an opportunity to offer products or services that may be of interest to you. SFPE also occasionally hires other companies to provide limited services on our behalf including, but not limited to, processing credit card transactions, packaging, mailing and delivering purchases, answering customer questions about products or services, consulting services, data modeling, printing, sending postal mail and processing membership and event registration. We will only provide those companies the information they need to deliver the service. They are prohibited from using that information for any other purpose. Except as described in this section, third parties may not collect personally identifiable information about your online activities over time or across different Web sites when you use our web sites.
Tracking activity on our website-- We track how our sites are used by both anonymous visitors and registered users who interact with the site. One way we track is by using "cookies." A cookie is a small file or string of text on the site user's computer that is used to aid Web navigation. Two types of cookies are commonly used. A session cookie is created by a website when that website is accessed; that type of cookie is automatically deleted by closing the Web browser. A persistent cookie is a cookie that is stored on the hard drive of the user’s computer for a period of time chosen by the website that set the cookie, usually for a number of years, unless the user deletes it manually. This policy distinguishes between short-lived cookies and long-lasting cookies. Short-lived cookies include all session cookies and those persistent cookies that are set to be stored for no more than one week. SFPE-related websites may at times require users to accept short-lived cookies in order for the websites to function properly. Long-lasting cookies may be used on the site to track visitor practices to help determine which site features and services are most important and guide editorial direction.
Other long-lasting cookies may make it possible for the user to access the site without requiring entry of a user name or password, allow the user to view different restricted areas of the site without reregistering, allow the user to personalize the site for future use and provide other features and benefits. Users who do not desire the functionality created by the long-lasting cookie can disable the long-lasting cookie function, either by indicating when asked that they do not wish to have a long-lasting cookie created or by disabling the long-lasting cookie function on their Web browser. Individuals can opt out of long-lasting cookie functions at any time.
Cookies are required for the Members-Only and e-commerce sections of the website. Cookies are essential for site administration and security. Another way we track site activity is by using transparent electronic images called "clear GIFs," "Web bugs," or "Web beacons" on Web pages. These images count the number of users who visit that page from specific banner ads outside www.SFPE-assn.org or through email links. A similar image, sometimes called a "spotlight tag," is used on Web pages where transactions take place. The spotlight tag collects numeric information, such as the dollar amount of an online purchase, to help us understand usage of the site. We do not use any of these electronic images to collect personally identifiable information.
Children under 13 -- We do not knowingly solicit data online from or market online to children under the age of 13.
Information security -- SFPE implements security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access to personal information to our employees and the SFPE’s business partners who may need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
How we safeguard information
TLS technology and how you benefit from it -- SFPE realizes the importance of security, so we've taken a number of steps to enhance the protection of personal information sent to or from SFPE over the Internet. First, we require that a "secure session" be established, using Transport Layer Security (TSL) technology. This is done any time you supply or access information in one of our secure online areas.
TSL technology creates a private conversation that only your computer and SFPE systems can understand. The TSL technology encodes information as it is being sent over the Internet between your computer and SFPE systems, helping to ensure that the transmitted information remains confidential.
User ID and password -- Many areas of the site require the use of a user ID and password as an additional security measure that helps protect your information. This allows SFPE to verify who you are, thereby allowing you access to your account information and preventing unauthorized access. When you have finished using a secure area of SFPE’s website, make sure you always click on the "Log Out" link which appears on every secure page. When you click on the "Log Out" link, you will be given the option to end your secure session. No further secure transactions can be conducted without re-entering your user ID and password. You should be aware that browser software often "caches" a page as you look at it, meaning that some pages are saved in your computer's temporary memory. Therefore, you may find that clicking on your "Back" button shows you a saved version of a previously viewed page. Caching in no way affects the security of your confidential user ID or password.
No guarantee -- Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, SFPE cannot guarantee or warrant the security of any information you transmit to us, or to or from our online products or services. Email messages sent to or from a website may not be secure. Confidential information should not be sent by e-mail. Site visitors sending e-mail accept the risk that a third party may intercept e-mail messages.
Linking to other Internet sites
You should be aware that other Internet sites that link to the SFPE sites or to an SFPE email may contain privacy provisions that differ from these. To ensure your privacy is protected, we recommend that you review the privacy statements of other Internet sites you visit.
How you can access and change information
If you are a registered user of an SFPE website, subscriber to SFPE publications, purchaser of SFPE products or an SFPE member, you may review and update or correct your information online or by contacting the SFPE Office at (301) 718-2910.
SFPE members may update or correct any information SFPE may have on file by going online or calling (301) 718-2910. Updates or corrections to certain types of information will require independent verification prior to effectuating any (permanent) change to our files.
References: ANSI/IACET 1-2013 Standard 9.4