Bali Children Foundation (BCF) is committed to respecting the privacy of all its donors and to protecting any/all data about donors from outside parties. This policy provides guidelines for the handling of sensitive cardholder data and related data in order to secure sensitive data information from unauthorized or unlawful disclosure.
Bali Children Foundation (BCF) will have adequate safeguards in place to protect cardholder privacy and to ensure compliance with various regulations as it relates to Sensitive Data. All those associated with the BCF who handle cardholder data information must take the precautions listed herein.
1. Employees should ensure that they have appropriate credentials and are authenticated for the use of technologies.
2. Employees should take all necessary steps to prevent unauthorized access to confidential data which includes card holder data.
3. Employees must keep data secure and not share accounts.
4. Cardholders are responsible for the security of their passwords and accounts.
Employees handling Sensitive cardholder data are required to:
1. Process BCF and cardholder information in a manner that fits with their sensitivity;
2. Ensure that personal information is not disclosed unless authorized by the donor;
3. Protect sensitive cardholder information;
4. Keep accounts data secure;
5. Request approval from management prior to establishing any new software or hardware, third party connections, etc.;
6. Always leave desks clear of sensitive cardholder data and lock computer screens when unattended.
C. Protect Data in Transit
1. Sending cardholder data (PAN, track data etc.) over the internet; via email, instant chat or any other end user technologies is strictly prohibited unless properly protected.
2. If there is a business need to send card holder data via email or via the internet or other modes, then it can only be done after the approval of the card holder.