Our Commitment to Data Privacy and Security
Updated as of Jan 1, 2023
At Kaiser Leadership Solutions, we are dedicated to helping our customers and partners identify and develop leaders – because leadership really matters. You trust us with your information, and in turn, we are committed to ensuring your data privacy and information security. Below are some of the steps we take as part of this commitment.
Transparency With Our Customers
Employee Training & Testing
Privacy and security at Kaiser Leadership Solutions start with our employees. We train our employees on privacy and security principles using an externally sourced learning management system with interactive modules and quizzes. Our training modules cover cybersecurity and privacy topics such as phishing, malware, and viruses; mobile device security; maintaining software and disposing of hardware; privacy basics; and privacy regulatory requirements. All employees are required to participate in and pass these training modules.
Internal Policies & Procedures
To bolster our privacy and security training program, we enforce a number of mandatory internal policies and procedures. Our employees are guided generally by a Privacy Team Charter, and specifically by a number of internal policies, including our:
- Data Retention Policy
- High-Level Data Security Plan
- Clean Desk Policy
- GDPR Personal Data Breach Standard Operating Procedure
- Disaster Recovery Plan
- Incident Response Plan
Data Processing Compliance
We take our regulatory responsibilities seriously and have dedicated substantial effort and resources to comply with, and in many cases exceed the requirements of, all applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). We have worked with outside, independent experts to map our data flows to ensure that we know where our customer data is processed and stored. We maintain a record of our data processing activities and closely track and remediate concerns in a risk register. We ensure that data subjects receive notice of and give informed consent to our data processing activities, and we provide mechanisms for them to exercise their rights to access, rectify, and erase their personal data.
Third-Party Service Providers
We refuse to work with vendors who fail to meet our privacy and security standards. To ensure that your data remains secure, we carefully review our contracts with third-party service providers and re-negotiate them as necessary to ensure that our own high standards – and not just those required by law – are met. We conduct transfer impact assessments to ensure that our vendors’ data handling is done responsibly.
Security is top of mind at Kaiser Leadership Solutions. We employ a High-Level Data Security Policy that establishes the administrative, technical, and physical safeguards we maintain to protect customer data. Our Data Protection Officer (DPO) maintains our IT systems, tools, and technologies, and ensures that our security controls are implemented and effective. The DPO also oversees relationships with third-party service providers and conducts annual risk assessments and inventories. If a security incident occurs, our DPO leads our response – including containment, remediation, and reporting – according to established procedure.