Skip to main content
Loading…
This section is included in your selections.

Pursuant to this program, WSSC employees shall be informed of the following PII protection rules (at least annually) and shall be evaluated as to their compliance therewith as part of the WSSC Performance Management System.

(a) Desks, work areas, printers and fax machines shall be cleared of all documents containing PII when not in use.

(b) All paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing PII shall be stored in a locked file cabinet.

(c) File cabinets containing PII shall be stored in a locked room.

(d) Files containing PII shall be kept in locked file cabinets except when an employee is working on the file.

(e) Employees shall not leave documents containing PII on their desks when they are away from their workstations.

(f) Employees handling PII shall store PII files in file or other cabinets, log off their computers, and lock cabinets and office doors at the end of the day.

(g) Access to off-site storage facilities shall be limited to employees with a legitimate business need.

(h) Access keys/codes shall only be given to employees with a legitimate business need. All employees who enter these facilities will document their visit.

(i) Any information containing PII shipped using outside carriers or contractors shall be encrypted and an inventory of the information being shipped shall be retained by the WSSC business area accountable for the shipment. The information shall be shipped using an overnight shipping service that allows WSSC to track and confirm the information’s delivery.

(j) Removal of PII by employees, contractors or any other persons from Commission premises shall be prohibited unless prior authorization in writing has been obtained from the business area Team Chief/Director or his/her designee. If in electronic form (i.e., laptops, USB drives, CD, DVD, etc.) the PII to be removed from Commission premises shall be secured by encryption using the Advance Encryption Standard (AES).

(k) Files containing PII shall not be stored on workstation local hard drives unless it is secured via encryption.

(l) Access to PII on file shall be secured so that only those WSSC employees who are authorized have access to it. This data shall also be secured with encryption.

(m) Visitors who must enter areas of WSSC premises where PII files are kept shall be escorted by a WSSC employee who will be responsible for the security of the PII files. Visitors shall not be given any entry codes or allowed unescorted access to the office. (GMO 09-01 § VII)