(A) Storage, use and distribution of personal information policy.
(1) Definition of PERSONAL INFORMATION AND SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION.
(a) Personal information includes the following items whether stored in electronic or printed format: Names, Social Security numbers, resumes, correspondence, addresses, phone numbers, driver's license numbers, state identification numbers, professional license numbers, financial account information, medical and health information, physical characteristics and other biometric information, tax information, education information, individuals' job classifications and salary information, performance evaluations, employment application forms, timesheets.
(b) Sensitive personally identifiable information includes the following items whether stored in electronic or printed format: Social Security numbers, a person's financial account numbers and information, beneficiary information, tax information, employee voluntary withholdings, passwords, employee home addresses and phone numbers, security challenge questions and answers, employees' non-village email addresses, medical and health information, fingerprints and other biometric information, driver's license numbers, state ID numbers (as issued by the Ohio Bureau of Motor Vehicles), military information, and/or any other confidential personal information as described in R.C. § 1347.15.
(2) Hard copy distribution. Each employee and contractor performing work for the village will comply with the following policies:
(a) File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with personal information will be locked at the end of the workday or when unsupervised. The Fiscal Officer's doors will remain locked when the Fiscal Officer is not present.
(b) Storage rooms containing documents with sensitive information and record retention areas will be locked at the end of the workday or when unsupervised.
(c) Desks, workstations, work areas, printers and fax machines, and common shared work areas will be cleared of all documents containing personal information when not in use.
(d) White boards, dry-erase boards, writing tablets, etc. in common shared work areas will be erased, removed, or shredded when not in use.
(e) When documents containing personal information are discarded they will be immediately shredded using an approved shredding device. Village records, however, may only be destroyed in accordance with the village's record retention policy.
(3) Electronic distribution. Each employee and contractor performing work for the village will comply with the following policies:
(a) Any personal information sent externally must be encrypted and password protected and only to approved recipients.
(b) An email containing confidential personal information must contain the following statement: "This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited."
(Ord. 5, 2014, passed 8-14-2014)