Read the Management of electronic information Protection policies and procedures and answer the questions in your own words.

Management of Electronic Information Protection Policies and Procedures

Management of Electronic Information Policies and Procedures

Electronic Information covered under this policy are the following:

Client personal information

Bounce Fitness resources (e.g. policies and procedures)

Bounce Fitness data (e.g. sales, earnings and reviews)

Financial Information covered under this policy are the following:

Personal information of clients and people affiliated with Bounce Fitness (employees, partners, consultants and shareholders)

Credit card information

Credit ratings

PayPal account details

Reports (Purchases, Accounting, Sales, Expenses and Budgeting)

Transaction Records

Bounce Fitness is committed to providing quality services, and this policy will show how the company protects the electronic information of Bounce Fitness, both from internal sources and external sources.

Bounce Fitness adopts the Australian Privacy Principles located within Privacy Act 1988. The Principles are the legal basis on which the company collects, uses, divulges, protects, and discards electronic information.

The policy includes the electronic information of those who are part of the organisation, their partner organisations, their consultants, their clients and the shareholders. The policy also covers online and offline data.

Bounce Fitness aims to protect the electronic information covered by installing anti-virus software on the company computer units, using electronic information encryption and using password protection on each piece of electronic information.

Bounce Fitness will ensure that the electronic information that they are handling will be accurate and will take the necessary steps to keep the information up-to-date. Bounce Fitness will keep up-to-date versions of the electronic information by archiving the superseded versions.

In the event of a security breach, Bounce Fitness will do what is reasonably practicable in order to contain the events of the breach and assist the relevant departments and individuals involved to resolve the issue/s.

Electronic Information Policy

Electronic information collected by Bounce Fitness can include personal information from both clients and employees. Bounce Fitness is committed to ensuring that where this information is retained, it will only be used for internal management purposes that are directly related to the management of its internal database.

Electronic information stored by Bounce Fitness must also be accessed from computers within the network. External access to Bounce Fitness servers is prohibited.

Out-of-date information will be stored for a minimum of five (5) years before permanent deletion from the Bounce Fitness server.

Clients can withdraw their consent at any time. Once the request has been made, relevant Bounce Fitness personnel are responsible for deleting the client's personal information. Procedures

A. Storing Electronic Information

Relevant personnel must use the appropriate files formats when creating or saving electronic information.

Ensure that the information is up-to-date and without errors before storage.

Electronic information must be stored using the appropriate folders in local drives and/or in designated cloud storage areas. Relevant personnel must use their Bounce Fitness email accounts to store files in the following cloud storage applications:

o Dropbox

o Google Drive

Relevant personnel must request access from their direct supervisors when accessing the relevant folders for the first time.

Outdated files must be archived in the Archive folder. Files in the Archive folder will be permanently deleted after 5 years.

B. Maintaining Protections on Bounce Fitness Electronic Information

All new computers coming into Bounce Fitness must have anti-virus programs immediately installed on them before use. IT personnel must also ensure that the antivirus programs installed on Bounce Fitness computers are still up-to-date.

Password protected documents stored in the Bounce Fitness database must be updated at least once every month.

C. Electronic Information Security Breaches

Report the security breach to the IT Department and authorities, where necessary, and provide them with all relevant information requested. Private information, including names and contact details of clients involved, will require a written request and approval from the Centre Manager.

Inform the individuals/entities whose electronic information was involved in a security breach.

Bounce Fitness will investigate what caused the breach and create a report on the outcomes of the investigation to be distributed personnel, including clients, involved in the breach. Financial Information Policy

Storing financial information.

Financial information collected by Bounce Fitness is stored in an isolated server, that can only be accessed by the following personnel:

o Accounts officer

o Accounts manager

This information can only be accessed in the event of recurring bulk client purchases or dispute.

Financial information stored by Bounce Fitness that has been out of use for a minimum of six (6) months will be permanently deleted from the isolated server.

Procedures

A. Storing Financial Information

Relevant personnel must use the appropriate files formats when creating or saving electronic information.

Ensure that the information is up-to-date and without errors before storage.

Electronic information must be stored using the appropriate folders in local drives and/or in designated cloud storage areas. Relevant personnel must use their Bounce Fitness email accounts to store files.

Outdated files must be archived in the appropriate folder. Outdated files in the Archive folder will be permanently deleted after six (6) months.

B. Maintaining Financial Information

All new computers coming into Bounce Fitness must have anti-virus programs immediately installed on them before use. IT personnel must also ensure that the antivirus programs installed on Bounce Fitness computers are still up-to-date.

At the point of purchase, clients have the option to have Bounce Fitness delete their records of any financial data once payment has been processed. If they are:

o Completing a transaction through an online portal, clients must tick the "Forget payment method" option

o Completing a transaction through Bounce Fitness centres, they must complete the appropriate Client Waiver Form

Password protected documents stored in the Bounce Fitness database must be updated at least once every month.

Answer the following questions after reading.

a. Identify the three electronic information covered under this policy.

b. Briefly discuss how Bounce Fitness ensures the protection of its electronic information.

c. Outline the steps to follow if a breach of security in electronic information occurred.