Payment Card Industry Data Security Standards (PCI DSS)
Why should I care about PCI DSS? Well, you shouldn’t, unless your department or program stores, processes, or transmits any credit or debit card transactions, or is considering doing so. These are standards developed by the credit card industry to protect itself, and they can result in significant fines, higher costs through increased compliance requirements, and potential suspension or expulsion from card processing networks. For more detail, see the Y-USA Data Protection and Security Toolkit 2.0 and the PCI DSS 3.2 Resource Guide.
Personally Identifiable Information (PII)
This topic likely hits home for a few more staff. Every individual has PII, which includes Social Security Numbers, non-public health information, personal financial account numbers, personal home addresses, etc. PII is treated as sensitive and confidential data within the YMCA of Greater Louisville. Security policies and procedures address how the YMCA of Greater Louisville safeguards its sensitive and confidential data and the measures that are in place to respond to data security incidents, including data breaches. These security policies also include how the YMCA of Greater Louisville safeguards protected health information. For more detail, including the Privacy Notice relating to Nationwide Membership Data, see the Y-USA Data Protection and Security Toolkit 2.0.