Written Information Security Plan
Policy Objective, Purpose, and Scope
Our objective in the development and implementation of this comprehensive Written Information Security Plan (WISP) is to create effective administrative, technical, and physical safeguards for the protection of the Personally Identifiable Information (PII) retained by Rebel Bookkeeping, L.L.C (hereinafter known as the Firm). This WISP is to comply with obligations under the Gramm-Leach-Bliley Act and Federal Trade Commission Financial Privacy and Safeguards Rules to which the Firm is subject.
The WISP sets forth our procedure for evaluating our electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting PII retained by the Firm. For purposes of this WISP, PII means information containing the first name and last name or first initial and last name of a Taxpayer, Spouse, Dependent, or Legal Guardianship person in combination with any of the following data elements retained by the Firm that relate to Individuals or Business Entities.
Identified Responsible Individuals
Rebel Bookkeeping, L.L.C has designated Nóel Gordon DeSousa to be the Data Security Coordinator (hereinafter the DSC). The DSC is the responsible official for the Firm’s data security processes and will implement, supervise, and maintain the WISP. Accordingly, the DSC will be responsible for the following: (1) Implementing the WISP, including all daily operational protocols and identifying all the Firm’s repositories of data subject to the WISP protocols and designating them as Secured Assets with Restricted Access, (2) Verifying all employees have completed recurring Information Security Plan Training, (3) Monitoring and testing employee compliance with the plan’s policies and procedures, (4) Evaluating the ability of any third-party service providers not directly involved with tax preparation and electronic transmission of tax returns to implement and maintain appropriate security measures for the PII to which we have permitted them access, (5) Requiring third-party service providers to implement and maintain appropriate security measures that comply with this WISP, (6) Reviewing the scope of the security measures in the WISP at least annually or whenever there is a material change in our business practices that affect the security or integrity of records containing PII, and (7) Conducting an annual training session for all owners, managers, employees, and independent contractors, including temporary and contract employees who have access to PII enumerated in the elements of the WISP. All attendees at such training sessions are required to certify their attendance at the training and their familiarity with our requirements for ensuring the protection of PII. Nóel Gordon DeSousa has also been designated to be the Public Information Officer (hereinafter PIO). The PIO is the Firm’s designated public statement spokesperson.
To prevent misunderstandings and hearsay, all outward-facing communications are through this person, who shall be in charge of the following: (1) all client communications by phone conversation or in writing, (2) all statements to law enforcement agencies, (3) all releases to news media, and (4) all information released to business associates, neighboring businesses, and trade associations to which the Firm belongs.
How We Collect Your Data
By using our website, www.bookkeepingrebel.com, you acknowledge that we may collect non-personal information from you, such as a domain name and IP Address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We may also collect information about the type of Internet browser you are using, the operating system, what brought you to our Website, and which of our Web pages you have accessed. Additionally, if you communicate with us regarding our Website or our services, we will collect any information that you provide to us in any such communication. We may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.
How We Use Your Data
We use the collected information primarily for our own internal purposes, such as providing, maintaining, evaluating, and improving our services and Website, fulfilling requests for information, and providing customer support. We will never sell or otherwise provide the information we collect to outside third parties for the purpose of direct or indirect mass email marketing.
How We Secure Your Data
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. If we collect sensitive information (such as credit card data), it is encrypted and transmitted to us securely. You can verify this by looking for a closed lock icon at the bottom of your web browser or looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Notice: Cookies
We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in with a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.
Notice: Other Links
This Website may contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Notice: Surveys and Contests
From time to time, our site may request information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving website use and satisfaction.
Notice: Your Consent
By using this Website, you consent to the collection and use of information as specified above. If we make changes to our Privacy Policy, we will post those changes on this page. Please review this page frequently to remain up-to-date with the information we collect, how we use it, and under what circumstances we disclose it. You must review the new Privacy Policy carefully to make sure you understand our practices and procedures.