federal privacy regulations.
Members of SCORE's workforce may have access to personal information (“PI”) in its course
of its business, which includes, but is not limited to:
The first name and last name or first initial and last name of an individual
in combination with any one or more of the following data elements that
relate to such individual: (a) Social Security number; (b) driver’s license
number or state-issue identification card number; or (c) financial account
number, credit card number, or debit card number with or without any
required security code, access code, personal identification number or
password, that would permit access to an individual’s financial account;
provided however, that “personal information” shall not include
information that is lawfully obtained from publicly available information,
or from federal, state or local government records lawfully made available
to the general public.
SCORE and its workforce members will not redisclose PI without prior consent from the
individual. However, when an individual submits a request to participate in online counseling,
the individual is agreeing to the terms and conditions of our counseling. The individual’s request
to receive business management counseling from SCORE signifies the individual’s agreement to
cooperate with SCORE if selected to participate in surveys designed to evaluate the individual’s
business and permit SCORE to provide services to the individual. If necessary or required, any
information disclosed by SCORE to the Small Business Administration (SBA) or SBA
representatives will be held in confidence to the extent that it will only be disclosed to SBA
representatives to review and process applications; the information submitted in SBA
applications will not be disclosed to commercial entities. If necessary or required, information
will be disclosed to SBA representatives to process counseling applications. Relevant
information will also be disclosed to assigned management mentor(s) if an individual requests
such counseling from SCORE.
SCORE’s mentors and representatives do not provide advice pursuant to the authority of
professional certifications or licenses that they may hold. SCORE’s mentors and representatives
do not enter into relationships with individuals that entitle the individual to client privileges that
may be associated with any professional certifications or licenses that our mentors may hold.
SCORE does not engage in the practice of law. This includes, but is not limited to, providing
specific legal advice, representing an individual in litigation or any legal proceeding, or
otherwise practicing law as defined by applicable state law. We do not engage in conduct that
leads to the creation of any attorney-client relationship.
If commercially feasible, SCORE will destroy PI once the PI is no longer needed for SCORE to
carry out its business operations. If it is not commercially feasible, SCORE will ensure that the
It is SCORE's policy to comply with all applicable federal and state privacy regulations relating
includes individuals who would be considered part of the workforce under HIPAA such as
employees, volunteers, trainees, and other persons whose work performance is under the direct
control of SCORE, whether or not they are paid by SCORE. The term “employee” includes all of
these types of workers.
No third-party rights are intended to be created by this Policy. SCORE reserves the right to
amend or change this Policy at any time (and even retroactively) without notice. To the extent
this Policy establishes requirements and obligations above and beyond those required of SCORE
by federal or state law, the Policy shall be aspirational and shall not be binding upon SCORE.
B. SCORE's Responsibilities
I. Privacy Official and Contact Person
___________________ will be the Privacy Official for SCORE. The Privacy Official will be
responsible for the development and implementation of policies and procedures relating to
will also serve as the contact person for individuals who have questions, concerns, or complaints
about the privacy of their PI.
The Privacy Official is responsible for ensuring that SCORE complies with the provisions of
federal or state laws, as applicable.
II. Workforce Training
It is SCORE's policy to train all members of its workforce who have access to PI on SCORE's
policies and procedures. The Privacy Official is charged with developing training schedules and
programs so that all workforce members receive the training necessary and appropriate to permit
them to carry out their SCORE functions in compliance with applicable state and federal
III. Security Safeguards
SCORE will establish appropriate and commercially reasonable physical, electronic and
managerial safeguards to prevent PI from intentionally or unintentionally being used or
disclosed. Such safeguards include, but are not limited to, implementing procedures for use and
disclosure of PI and limiting access to information by creating computer firewalls.
Firewalls will ensure that only authorized employees will have access to PI, that they will have
access to only the minimum amount of PI necessary for SCORE to carry out its business
functions, and that they will not further use or disclose PI in violation of applicable state or
accordance with SCORE's employee discipline policy, up to and including termination.
V. Mitigation of Inadvertent Disclosures of PI
SCORE shall mitigate, to the extent possible, any harmful effects that become known to it from
a use or disclosure of an individual's PI in violation of federal or state law or the policies and
unauthorized use or disclosure of PI, the appropriate steps to mitigate harm to the participant
will be taken.
VII. Workforce Must Comply With SCORE's Policy and Procedures
All members of SCORE's workforce (described at the beginning of this Policy and referred to
herein as “employees”) who have access to PI must comply with this Policy.
IX. Breach Notification Requirements
SCORE will comply with state breach notification requirements to provide all required
notification if SCORE discovers a breach of PI.