I.  Introduction

This IAISP Privacy Notice describes the types of personal data that the International Association of Information Security Professionals, LLC and its respective subsidiaries and affiliated companies (“IAISP”, “we” or “us”) collect from its US users, how we use it, how and when it may be shared, and the rights and choices you have with respect to your data. We provide this Privacy Notice to help you understand how we process your data as part of our commitment to maintaining your trust. Thank you for taking the time to read and understand our data and privacy related practices.  

This Privacy and Cookie Policy (“Policy”) outlines our policies regarding the collection, use, and retention of your personal data.  It also provides internal guidance to our team regarding how your personal data must be collected, used, stored, and destroyed to meet our data protection standards.

By using or continuing to use a Service, including without limitation visiting IAISP’s website or otherwise providing your Personal Data, you accept and consent to the rights, obligations, and practices described in this Policy.

II. Why this policy exists

This data protection policy ensures that the IAISP:

• Complies with applicable data protection laws and follows good practices;
• Protects the rights of staff, clients, applicants, and partners;
• Is open about how it stores and processes individuals’ data; and
• Protects itself from the risks of a data breach.

III.  Who it covers

This policy applies to all IAISP leaders, employees, contractors, and partners (collectively “personnel”) who are operating directly under IAISP control and supervision.  It also covers our members, users, site visitors, event participants, applicants, and others who may visit the IAISP website or attend one of its events.

IV.  What it covers

Everyone who works for or with the IAISP has responsibility for ensuring that data is collected, stored, and handled appropriately. Each personnel member who handles personal data must ensure that it is handled and processed in-line with this policy and the IAISP’s data protection principles.

The IAISP also works with its vendors to ensure proper data protection and confidentiality policies before sharing any personal data.  The Law Office does not sell any personal information, and it only shares personal information as is necessary to provide legal consultation and services.  

Personal data is “any information that is linked or reasonably linkable to an identified or identifiable natural person. It does not include de-identified data or publicly available information.”  This policy applies to all such information.

The IAISP strives to meet the following six central tenets related to Personal Data by providing users:

1. The right to access;
2. The right to correct;
3. The right to delete;
4. The right to data portability;
5. The right to opt out;
6. The right to appeal.

These tenets may be expanded or limited by the IAISP’s legal ethics rules and other legal requirements unique to the ethical practice of law. 

V.  Who this Policy Does Not Cover

This Policy applies to United States based members, users, visitors.  It does not apply to members, users, and visitors subject to the European Union’s General Data Protection Regulation (GDPR) laws and other international privacy laws that differ from US state and federal law and regulation.

This Policy does not apply to vendors and third-party partners who are not subject to IAISP’s control and supervision.

VI. Amendments and Questions

If you have any questions or concerns about this Privacy Notice, please visit our Privacy Rights Portal, or write to us at IAISP, Data Protection Official, 700 12th Street, N.W. Suite 700 Washington, DC 20005, USA.