Our Commitment to Data Privacy and Security
Updated as of Jan 1, 2023
At Kaiser Leadership Solutions, we are dedicated to helping our customers and partners identify and develop leaders – because leadership really matters. You trust us with your information, and in turn, we are committed to ensuring your data privacy and information security. Below are some of the steps we take as part of this commitment.
Transparency With Our Customers
We are in the business of collecting data and summarizing the results to provide insights that help you and your leaders succeed. Our Privacy Policy details the kind of data we collect and how we handle that data. We only collect data necessary to administer our leadership assessments and provide feedback to managers, and we take steps to ensure privacy in survey results. We use that information to provide helpful feedback to our customers and conduct research on effective leadership using non-identified, aggregated data. We have never sold and will never sell your data to marketers or other vendors, and we do not spam our participants and other users.
Employee Training & Testing
Privacy and security at Kaiser Leadership Solutions start with our employees. We train our employees on privacy and security principles using an externally-sourced learning management system with interactive modules and quizzes. Our training modules cover cybersecurity and privacy topics such as phishing, malware and viruses, mobile device security, maintaining software and disposing of hardware, privacy basics, and privacy regulatory requirements. All employees are required to participate in and pass these training modules.
Internal Policies & Procedures
To bolster our privacy and security training program, we enforce a number of mandatory internal policies and procedures. Our employees are guided generally by a Privacy Team Charter, and specifically by a number of internal policies, including our:
- Data Retention Policy
- High-Level Data Security Plan
- Clean Desk Policy
- GDPR Personal Data Breach Standard Operating Procedure
- Disaster Recovery Plan
- Incident Response Plan
Data Processing Compliance
We take our regulatory responsibilities seriously and have dedicated substantial effort and resources to achieving, and in many cases exceeding, compliance with all applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). We have worked with outside, independent experts to map our data flows so that we know where our customer data is processed and stored. We maintain a record of our data processing activities and closely track and remediate concerns in a risk register. We ensure that data subjects receive notice of and give informed consent to our data processing activities, and we provide mechanisms for them to exercise their rights to access, rectify, and erase their personal data.
E-Privacy Compliance
We use both technological and procedural tools to ensure our websites and applications comply with regulatory requirements. We deploy a software as a service (SaaS) solution for website scanning & cookie consent, and we have implemented compliant cookie banners and our Cookie Policy to ensure transparency and choice for our website visitors.
Third-Party Service Providers
We refuse to work with vendors who fail to meet our privacy and security standards. To ensure that your data remains secure, we carefully review our contracts with third-party service providers and re-negotiate them as necessary to ensure that our own high standards – and not just those required by law – are met. We conduct transfer impact assessments to ensure that our vendors’ data handling is done responsibly.
Security Practices
Security is top of mind at Kaiser Leadership Solutions. We employ a High-Level Data Security Policy that establishes the administrative, technical, and physical safeguards we maintain to protect customer data. Our Data Protection Officer (DPO) maintains our IT systems, tools, and technologies, and ensures that our security controls are implemented and effective. The DPO also oversees relationships with third-party service providers and conducts annual risk assessments and inventories. If a security incident occurs, our DPO leads our response – including containment, remediation, and reporting – according to established procedure.