Why is ePACT changing your terms?
ePACT serves over one million users in 130 countries, supporting both families (“End Users”) and clients (“Organizations”), like schools, parks and recreation centers, camps, sports, events, and employers. Our team is committed to providing an outstanding emergency network for all our users; however, our number one priority will always be maintaining the privacy and security of users’ data.
To that end, we continually undergo external and internal audits and reporting so that our system maintains exceptional standards to protect users’ data. This includes adjusting our system and policies if/as needed as new legislation or government/industry mandates are developed.
With the recent launch of the General Data Protection Regulation (GDPR), governing how sites manage personal data of EU citizens, we identified the need to adjust our terms to ensure it was clear to all our users how the ePACT Network works.
Our separate terms will not only help users better understand how ePACT works for them, and the controls they have over their account and data, but also better demonstrate how ePACT addresses legislative requirements around data management, like HIPAA, PIPEDA, and GDPR.
What has changed with your terms?
Due to our commitments, policies, and processes around data privacy and security, the requirements of legislative mandates, like HIPAA, PIPEDA, and GDPR, are met by the very architecture of ePACT. The way we have structured our network addresses the government and industry standards around personal control of data, management of who has access, the ability to make changes based on user needs or preferences, and the various ways we work to protect data.
- Ensure greater clarity on how the ePACT Network works for both user types;
- Whenever possible use ‘plain language’ versus ‘legalese’ so terms are easy to understand;
- Outline the ways in which users control their accounts and data, and the various specific responsibilities in using the system – for example:
  - For families: understanding how you own and manage your account and data, what controls you have around who you connect and share your information with, and your responsibilities in protecting your login details or ensuring your data is up to date for organizations who need this to support you in a crisis.
  - For organizations: managing who is authorized to view data, responsibilities in monitoring use and removing access if someone leaves your organization, or ensuring any staff using ePACT adhere to the Network’s Code of Conduct.
What is the General Data Protection Regulation (GDPR) and how does ePACT adhere to it?
The General Data Protection Regulation (GDPR) is a law that governs how sites manage personal data of EU citizens. As ePACT serves users in over 130 countries, it was important that our terms reflect the needs of the GDPR in outlining how our system works and adheres to this law, just as we also adhere to other privacy and security requirements like HIPAA (US) or PIPEDA (Canada), and other international standards.
Specifically, for the GDPR, ePACT adheres to these requirements in the following ways:
- Ensuring protection of personal data via encryption, system integrity and resilience, ongoing testing, and assessing effectiveness of processes and policies;
- Making it clear how the system works for users – both families and organizations – with regard to managing data, controls over accounts, and responsibilities in using the ePACT Network, as well as how the system stores and transmits data via users’ requests/controls;
- Requiring consent to the terms and responsibilities – for families and organizations – using the ePACT system and their rights related to accessing, changing or deleting data/accounts;
- Ensuring access to the ePACT Team and ePACT Privacy Officer if users have questions, concerns or complaints about the system.