In addition to any rules implied by an individual NDA agreement, when handling financial and personal information about customers or others with whom the Organization has dealings, observe the following principles:

  • Collect, use, and retain only the personal information necessary for the Organization’s business. Whenever possible, obtain any relevant information directly from the person concerned. Use only reputable and reliable sources to supplement this information.
  • Retain information only for as long as necessary or as required by law. Protect the physical security of this information.
  • Limit internal access to personal information to those with a legitimate business reason for seeking that information. Use only personal information for the purposes for which it was originally obtained. Obtain the consent of the person concerned before externally disclosing any personal information, unless legal process or contractual obligation provides otherwise.