Policy Date: 1/06/2009

I. PURPOSE

To ensure the security, confidentiality and appropriate use of all data processed, stored, maintained, or transmitted on StaffLeader computer systems and networks. This includes protection from unauthorized modification, destruction, or disclosure, whether intentional or accidental.

This policy is intended to serve as a general overview on the topic and may be supplemented by other specific policies required by law such as the;

• Health Insurance Portability and Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act (FERPA)
• Gramm Leach Bliley Act (GLBA)
• American Institute of Certified Public Accountants (AICPA) Generally Accepted Privacy Principles (GAPP).
• Statement of Auditing Standards (SAS) 70

II. POLICY

It is the responsibility and duty of any individual who has access to StaffLeader computer systems and networks to protect StaffLeader data resources in whatever form, from unauthorized modification, destruction or disclosure. Without limiting the forgoing, all individuals granted access to StaffLeader Information Technology resources are expected to adhere to the following principles:

1. Refrain from any deliberate violation of StaffLeader or departmental policy and/or any state or federal law governing information privacy and use.
2. Refrain from attempting to access confidential or proprietary data on StaffLeader computer systems, or in any other manner, except when it is in keeping with the specific assigned duties as a StaffLeader employee.
3. Appropriately maintain and protect the confidentiality of any data to which access has been granted, regardless of the method used to retrieve or display it.
4. Refrain from making any unauthorized alterations (add/change/delete) to any data which is accessible either through legitimate granted access or any incidental access.
5. Prevent the download, distribution, and installation of pirated software and copyrighted or proprietary materials for which the user has not acquired rights, and will strive to prevent the download, distribution, and installation of software and such materials without a valid license or the installation of a single user license on multiple machines.
6. Refrain from remotely or physically logging into or attempting to log into another user's machine or attempt to access another user's files without the individual's permission, except when necessary in the course of performing specific assigned duties as an employee.
7. Refrain from attempting to compromise the security of the StaffLeader network or devices attached to the network.
8. Insure the proper disposal of all confidential or proprietary information in whatever form in accordance with StaffLeader or departmental policy.

III. APPLICABILITY

This policy applies to all StaffLeader employees, contractors, and individuals with access to StaffLeader systems in any location.

IV. PROCEDURES

1. "Notice." Where StaffLeader collects Personal Information directly or indirectly from individuals or corporations, it will inform them about the purposes for which it collects and uses Personal Information. This publication serves as Notice
2. "Choice." Where StaffLeader collects Personal Information directly from individuals, it will offer individuals and corporations the opportunity to choose (opt-out) whether their Personal Information is;
1. To be disclosed to a non-agent third party, or
2. To be used for a purpose other than the purpose for which it was originally collected or subsequently authorizes by the individual or corporation
3. StaffLeader will provide individuals with reasonable mechanisms to exercise their choice should requisite circumstances arise
3. "Data Integrity." StaffLeader will use Personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual or organization. StaffLeader will take reasonable steps to ensure that Personal Information is relevant to its intended use.
4. "Security." StaffLeader will take responsible steps to ensure that data is reliable for its intended use, accurate, complete, and current. Strict policies, procedures, and technology tools are in place to prevent the unauthorized access, use, or transmission of any personal information.
5. "Enforcement." StaffLeader will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that StaffLeader determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. Any StaffLeader system determined to be in violation of this Policy will be remediated.

V. SANCTIONS

Deliberate violation of this policy will be considered a serious infraction under the StaffLeader company policy and is subject to disciplinary action, up to and including dismissal.

VI. Dispute Resolution.

Any questions or concerns regarding the use or disclosure of Personal Information should be directed to StaffLeader at the address given below. StaffLeader will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between StaffLeader and the complainant, StaffLeader has agreed to resolve disputes pursuant to the Safe Harbor Principles.

VII. Contact Information.

Questions or comments regarding this Policy should be submitted to StaffLeader by mail or e-mail as follows:

StaffLeader
1225 North Loop West
Suite 725
Houston, TX 77008
privacypolicy@StaffLeader.com