It is the policy of the Alabama Brewers Guild to keep sensitive information confidential. This includes internal sensitive information and sensitive information of members.
Reason for policy
During the course of business, Guild leadership and employees may acquire confidential and/or proprietary information about the Guild and its members. The Alabama Brewers Guild and its employees are obligated to ensure the security and integrity of this information
What is sensitive information?
“Sensitive information” has a broad variety of definitions. This policy applies to all information that is of a sensitive nature. This includes any information that the Guild should not disclose to third parties or to its members. For the purposes of this policy, there are two types of sensitive information: internal Guild sensitive information and member sensitive information.
Examples of internal Guild sensitive information include, but are not limited to, the following:
- Budgets and financial reports
- Planning documents
- Salary information
Examples of member sensitive information include, but are not limited to, the following:
- Pricing information
- Production statistics
- Employment statistics
Sensitive information is not limited to documents and files, but this policy is specifically concerned with electronic and physical copies of sensitive information.
Maintenance of sensitive information
The preferred method of securing sensitive information is not to have it in the first place. The Guild should only maintain such sensitive information as is necessary for legitimate business needs. The Guild should only possess sensitive information if there is a legitimate business need. Sensitive information should be returned to the owner or destroyed when it is no longer needed.
Storage of sensitive information
The Guild should normally maintain electronic storage of sensitive information on the secure Corporate Google Drive. Sensitive information may also be securely stored on Adobe Sign’s server, SurveyMonkey’s servers, or similar cloud-based services under a Guild corporate account.
The Guild should normally maintain hard copies of sensitive information at the Guild office in a locked drawer or safe.
In all cases, staff must always ensure that sensitive information is not accessible to the public or to individuals who should not have access to the sensitive information.
Who can access sensitive information?
The Guild may share internal Guild sensitive information with staff, the Board of Directors, and brewing members of the Guild under guidelines set below.
Member sensitive information may be shared only with staff and Board Members who have a clear need-to-know in order to execute their job function. Staff should only share member sensitive information with Board Members if there is no obvious alternative to sharing that information.
Example. A Board member may need to know expected dues from brewing members, which is based on individual member production information. However, an obvious alternative to providing individual production statistics is for the staff to prepare an estimate based on the data. This prevents the Board member from having access to member sensitive information while still providing the information necessary for their job function.
If sensitive information has a specific agreement or policy, that agreement or policy shall override this policy.
Sharing sensitive information
When sharing any sensitive information through email or other messaging service, staff should always use a link that is password-protected or that authorizes only specific individuals to view.
Do not send sensitive information in an email message as an unsecured attachment.
When sharing sensitive information physically, maintain knowledge of the ownership of any documents or other products.