PERSONAL DATA SECURITY

The security of personal data is increasingly important in this digital age. Charleston Collegiate is committed to preventing identity theft. The school collects personal information on a need-to-know basis. We have adopted the following policies covering the personal and financial information of our families, employees, and persons and firms with whom we do business. The policy includes, but is not limited to:

• Social Security numbers
• Driver's license numbers
• Financial account numbers (such as checking accounts)
• Credit or debit card numbers

The school limits access and distribution of this personal information to employees and outside contractors (such as our tuition management and insurance companies) on a need-to-know basis.

Off-site use of any personal information by a school employee is not permitted except on a need basis (such as student health forms needed for a field trip or athletic event).

Personal information in either electronic or paper format will be deleted or destroyed on a regular basis when the information is no longer needed by the school.

PCI DATA SECURITY STANDARD (PCI DSS)

Charleston Collegiate is committed to adhering to the following national data security standards to protect account data (such as credit card or bank account numbers) belonging to the school's families and other school supporters:

• Build and Maintain a Secure Network by installing and maintaining a firewall configuration to protect cardholder data
• Encrypt transmissions of cardholder data across open, public networks
• Use and regularly update anti-virus software
• Develop and maintain secure systems and applications
• Implement strong access control measures by restricting physical and electronic access to cardholder data on a need-to-know basis
• Assign a unique ID to each person with computer access
• Maintain a policy that addresses information security