Data Security Policy

This Data Security Policy establishes comprehensive guidelines to safeguard personal information in compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It ensures the confidentiality, integrity, and availability of personal data while protecting consumer rights.

• Scope: Applies to consumer personal information, sensitive personal information (SPI), and all systems or personnel handling such data.
• Security Measures: Implements role-based access control, data encryption, network and physical security, and data minimization practices.
• Incident Management: Includes preventive measures, a structured Incident Response Plan (IRP), and consumer breach notification protocols.
• Third-Party Management: Ensures vendors comply with CCPA/CPRA and adhere to contractual data protection obligations.
• Training and Auditing: Provides employee training on secure data practices and conducts regular audits to monitor compliance.

This policy supports robust data protection measures, fostering compliance with CCPA/CPRA and enhancing consumer trust.