1/27/2019 DIV Contents

738

Privacy of Personally
Identifiable Information ( PII )
Customer Service Impact:
As a property management company, Lincoln Property Company is required to protect the privacy of the
personal information of our residents, applicants and employees. All Lincoln Property Company employees are
required to treat personal information of Lincoln Property Company residents, applicants and co-workers in
accordance with the company's policies and procedures regarding personal information.

Standard
The guidelines in this policy establish the minimum requirements regarding access to the Personally Identifiable
Information of any Lincoln Property Company resident, applicant or employee. Personally Identifiable Information
( PII ) is defined as any information about any Lincoln Property Company resident, applicant or employee (including
subcontractors) that includes, but is not limited to, employment history, personal financial information including
payment card number (e.g. credit card, debit card or account numbers), medical or education history, social security
number (SSN), driver's license number, date and place of birth, email address, mother's maiden name, or any other
personal information that can be linked to an individual and is not otherwise available from public sources such as
telephone directories or government records.
All Lincoln Property Company offices must have a shredder for the purpose of shredding documentation, including
emails containing any PII .
All active Lincoln Property Company resident lease files, Client Expectations Cards (CECs), rental applications, and
employment applications, if applicable, must be stored in a locked filing cabinet or behind locked doors at all times.
Absolutely NO electronic files containing PII of Lincoln Property Company residents, applicants or employees are to
be stored, even temporarily, on any computer hard drive, including laptop and desktop computers,
portable/temporary storage devices (flash drives) or on any handheld portable electronic device.
No laptop, CD-ROM, portable/temporary storage device (flash drives) of any company owned software is to leave the
office at any time unless the employee is authorized to do so by the RPM or RVP. It is the employee's responsibility to
ensure all information is encoded, password protected, or otherwise secured from unauthorized use.
All CD-ROMs and other portable storage devices received in the office that contain the PII of Lincoln Property
Company residents, applicants or employees must be immediately destroyed or overwritten once such data is
transferred to Lincoln Property Company's secure network drive.
Information may not be transferred to any device that may be inadvertently removed from the office.
Employees are not permitted to pull any data or files containing PII by the LPC Remote Network connection while
outside of the office without direct approval from your Vice President.
Downloaded or printed reports should not include any individual's social security number (full or partial). Printing out
reports with social security number or date of birth information is strictly prohibited unless approved in writing by a
Vice President.
If reports with resident name and address also include date of birth, phone number, email address or driver's license
are printed or download for analysis, such reports must be shredded or deleted from the hardware immediately after
use.
If it is imperative to retain a paper version of such report, the report must be stored in a locked filing cabinet with
written approval from the Vice President.

Task Breakdown
1. Destruction/shredding of larger documents and Lincoln Property Company resident lease files should be handled by a
Lincoln Property Company-approved third party document destruction company. Be sure any receipt or
documentation of file destruction details the nature and type of documents destroyed.
2. Business Managers are responsible for supervising the security of items in the locked filing cabinet and ensuring that
the documents remain secure at all times.
3. If your office does not have a filing cabinet that is locked, the office must buy one. If the office filing cabinets are not
currently located behind locked doors, they must be moved immediately to an office with a locking door. There are no
exceptions to this policy.
4. All files and documents containing PII must be shredded or otherwise destroyed before permanently discarding such
materials.

1/2
1/27/2019 DIV Contents

5. Do not store inactive Lincoln Property Company resident lease or employment files longer than required by applicable
state law, rules or regulations. Check with your local apartment association concerning your state guidelines.
6. Any keys to the inactive file storage area must be signed out and the Business Manager must be present when the
office or storage area is unlocked.
7. In the event any files containing PII are lost or stolen from either the office property or from the possession of a
Lincoln Property Company employee, the employee working with such files and with personal knowledge regarding
the incident must immediately inform their RPM and VP.
8. When transmitting files or documents containing PII , whether by email, fax or regular mail, the Lincoln Property
Company employee transmitting such files or documents is responsible for properly marking the correspondence so
that the recipient is aware (a) that the correspondence they are receiving contains PII , and (b) of the need for the
receiver to protect such information by treating it with the same care afforded to any sensitive and confidential
information.
9. When sending files as attachments to an email, the sender must always include a disclaimer alerting the recipient the
files are confidential and to treat them as such. The following is an example of such a disclaimer:
a. "The information in this email and any attachments to it are strictly confidential and should be treated and
discarded in a manner that will maintain its confidentiality. This email and any attachments are intended solely
for the use of the individual or entity to whom it is addressed, and may be confidential and/or legally
privileged. If you are not an intended recipient, or if you have received this email in error, please contact us
immediately by telephone (XXX)XXX-XXXX or by returning the email to the sender and delete the original and
all copies of this transmission."
10. A Privacy Statement for Residents has been created and should be given to Lincoln Property Company residents upon
request to inform them of Lincoln Property Company's privacy policy.
11. If any Lincoln Property Company employee or subcontractor suspects that an information security breach involving
any files or documents containing the PII of any Lincoln Property Company resident, applicant or employee has
occurred:
a. Immediately notify your RPM and VP.
b. VP should notify the Asset Manager.
c. VP will determine (with input from the Asset Manager) the process in which the potentially affected Lincoln
Property Company residents will be notified.
d. VP should initiate the appropriate investigation. Follow the procedural steps outlines in "Systems & Information
Security Breach Policy and Procedures."

Notes and Materials

Shredder
Locked filing cabinet
Contact information for third party document destruction company
See the following attachments for more information.
Lincoln Employee Privacy Agreement
Attachments for Privacy of Personally Identifiable Information

Last Updated 12/05/2018 05:25 PM

2/2