FIRST IMAGE HEALTH SOLUTIONS has implemented the following procedures to safeguard the confidentiality and security of Social Security numbers (SSNs) received by the Company. This policy covers SSNs obtained for any employment-related reason, such as pre-employment background checks, payroll, benefits, human resources management, and employment-related investigations.
Access to and Use of Information or Documents That Contain SSNsOnly employees authorized by the Company are allowed to access information and documents containing SSNs. Authorized employees may access such information or documents strictly on a need-to-know basis and may use them solely for the purpose for which access is granted.
Disclosures of Information or Documents That Contain SSNsThe Company will disclose documents containing SSNs to external parties only as allowed or required by law or court order. If the recipient does not need to know the SSN, it must be redacted prior to disclosure. If the recipient does need access to the SSN, the Company should, whenever possible, obtain a written agreement from the recipient to ensure adequate protection for the documents containing the SSN. SSNs may not be disclosed to a third party without prior approval from the Legal Department or the Director of Human Resources.
Additional Safeguards for SSNsSSNs should not be publicly visible, such as being included in electronic documents posted on internal websites or in paper documents displayed on employee bulletin boards.
SSNs should not be printed on cards, like insurance identification cards, that employees must present to obtain goods or services.
SSNs generally should not be printed on paper documents sent to employees unless required by law (e.g., a W-2 Form) or in certain other limited cases. Employees should consult with the Legal Department before including SSNs in any mailings.
Employees authorized to access SSNs should take precautions to prevent unauthorized viewing, such as using a password-protected screen saver when leaving their computer unattended.
Employees authorized to access SSNs should avoid downloading SSNs or documents containing SSNs onto portable storage media unless they are encrypted or accessing files with SSNs via non-encrypted connections.
SSNs should not be transmitted over the internet unless encrypted in accordance with the Company’s Information Security Policy.
EnforcementAny employee who learns of or suspects a violation of this policy should promptly notify the Director of Human Resources or the Legal Department so the Company can investigate as needed. Retaliation against an employee who reports a policy violation is not permitted. Violating this policy will lead to disciplinary action, which may include termination of employment.