top of page

Privacy Policy

NAFIBO does not release membership information or email addresses to other companies or organizations. Membership information is for internal purposes only.

Associations and not-for-profit organizations should develop and implement policies to safe guard the information they manage for both the association and its constituents, and to minimize the risk sand costs associated with data breaches and violations of privacy. Those risks are not limited to direct recovery cost and legal liability, but also include reputational damage.The purpose of this Data Security & Privacy Policies for Associations professional practice statement is to provide guidance to association and not-for-profit professionals and governing bodies on the development and implementation of effective policies to manage the security of information and minimize the risk to their organizations.

Safety and Security

Associations are increasingly employing electronic means to communicate and engage with their members and other audiences through regular correspondence; distribution of periodicals, educational materials and marketing; social media platforms; and online access to association and member data. In addition, an increasing number of membership, event, and product transactions are processed by credit card or other electronic payment systems. This results in the collection of vast amounts of personal and other organization data. It is vitally important for associations to develop and implement modern practices for the safekeeping of electronically stored information and the privacy protection of their members and customers.

 

 

As part of a privacy policy, in this section you can inform your visitors about how safely you protect their personal information. Add details such as encryption methods you may use, firewalls employed on your servers, or other security measures you my employ.

Your user’s security is of the highest importance to your organization, so take the time to write an accurate and detailed policy. Use straightforward language to gain their trust and make sure they keep coming back to your site!

Steps NAFIBO takes to protect its members

Association professionals should undertake the following to ensure that data security and privacy is at the forefront of their day-to-day operations:

  • Ensure staff is aware of where the association data is stored, where it is being sent and who
    has access to it.

  • Establish and enforce staff policies for handling member data, including payment information and use of sensitive data on mobile devices.

  • Ensure that the association is following data security requirements established by the PCI Council if the association, as a merchant, is taking credit card payments.

  • Create data security awareness education sessions for all staff to be held annually.

  • Maintain and update member privacy policies as needed on the association websites.

  • Establish incident response procedures and train staff on the procedure to follow in the event of a possible data breach.

  • Keep up to date on federal and state laws governing the use of personally identifiable information (PII) to ensure the association is in compliance.

  • For data stored onsite, install and maintain security safeguards such as firewalls, encryption and intrusion detection.

  • For data stored at a hosted site, review all contracts and operating agreements to ensure that the host is maintaining security safeguards such as firewalls, encryption and intrusion detection, and review these on a periodic basis.

NAFIBO has established policies that govern member privacy and data security as follows:

  • Adopt a member privacy policy covering the acquisition and distribution of member data within the
    association and its constituents following any and all federal and state regulations governing data
    privacy.

  • Ensure that PCI audits for credit card handling, if required, are submitted by the auditors or staff to
    the appropriate committee for review and acceptance.

  • Ensure that the association has the proper and adequate amount of liability coverage for data
    security breaches.

  • Establish and implement, along with association staff, an association communication plan to
    respond to any data breaches or data privacy violations.

  • Keep up to date on federal and state laws governing the use of PII to ensure the association is in compliance and that association staff is following these requirements.

Disclaimer

The Association Forum expressly disclaims any warranties or guarantees, expressed or implied, and shall not be liable for damages of any kind, in connection with the material, information, or procedures set forth in these Statements or for reliance on the contents of the Statements. In issuing these Statements, the Association Forum is not engaged in rendering legal, accounting, or other professional services. If such services are required, the services of a competent professional should be sought.

We Need Your Support Today!

  • Instagram
  • Facebook
  • Twitter

Copyright © 2022 National Association of Formerly Incarcerated Business Owners, LLC. 

NAFIBO

ALL RIGHTS RESERVED 

National Association of Formerly Incarcerated Business Owners, LLC. is a registered and trademarked logo protected by copyright law. All the site or page's material and contents are not to be used without permission of the owner. Any unauthorized reproduction or use or infringement upon the language and models used and listed on this website is subjected to an infringement lawsuit. Website created and maintained (for a small fee) by the business services division of Taking Charge Consulting, LLC. via Wix. 

bottom of page