Sensitive Personal Information Management Policy

This Sensitive Personal Information Management Policy establishes protocols for the collection, processing, storage, and use of sensitive personal information (SPI) to ensure compliance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It safeguards SPI while respecting consumer rights and minimizing risks.

• Scope: Applies to all employees, contractors, third-party vendors, and systems handling SPI, including Social Security numbers, financial account details, biometric data, and geolocation information.
• Collection and Use: Limits SPI collection to legitimate purposes and requires explicit consumer consent for processing unless legally exempt.
• Consumer Rights: Supports rights to know, delete, and limit SPI usage to necessary business purposes.
• Security Measures: Includes encryption, access controls, and regular security assessments to protect SPI.
• Compliance: Ensures alignment with CCPA/CPRA through ongoing audits, incident reporting, and annual policy reviews.

This policy enhances data protection practices and promotes accountability while complying with CCPA/CPRA requirements.