Skip to Content

Privacy Policy


I. Introduction

The Iowa State Education Association ("ISEA") values the trust and privacy of its members and other supporters. This Privacy Policy sets forth ISEA's practices regarding: (1) what personal information we collect about you — both online via the ISEA website and ISEA Intranet and offline via traditional, hard copy forms; (2) how we use that information; (3) under what circumstances we disclose it; (4) what choices are available to you regarding such information collection; and, (5) what security we use to protect such information. This Privacy Policy also provides some additional information for users of the ISEA website and ISEA Intranet.

II. Definitions

As used in this Privacy Policy, the following terms have the meanings indicated below:

  1. The term "we" or "us" means ISEA.
     
  2. The term "you" means a current or former ISEA member or other person who has provided personal information to us in connection with obtaining an ISEA product or service (e.g. a person who has purchased a book from the NEA Professional Library or a person who subscribes to an ISEA-produced electronic newsletter).
     
  3. The term "personal information" means any piece of information that on its own can specifically identify a current or former ISEA member or other person who has provided personal information to us in connection with obtaining an ISEA product or service. This would include, but is not limited to, full name, postal address, e-mail address, social security number, or financial information.
     
  4. The term "ISEA website" means ISEA's external website located at: ISEA.org and any future websites that we may develop.
     
  5. The term "ISEA Intranet" means ISEA's internal, private, and secured website for local leaders and staff.
     
  6. The term "ISEA-related organizations" means ISEA's Member Benefits Corporation, ISEA Member Insurance Trust, ISEA Foundation, ISEA Health Information Network, and any other entity created by ISEA.
     
  7. The term "third party" means a legal entity that is separate and independent from ISEA, its state and local affiliates, or any ISEA-related organization.
     
  8. The term "cookie" means a small file that is placed on your computer that allows a website to store, and sometimes track, information about how you use that website.
     
  9. The term "discussion forum" means an asynchronous website component that enables users to exchange ideas by posting questions and answers on relevant subjects. Discussion forums are also commonly referred to as "discussion groups," "discussion boards," "message boards," "bulletin boards," and "online forums."

III. Personal Information Collected

We may collect personal information about you from the following sources:

  1. Personal Information that you voluntarily provide to us on your membership application and other ISEA forms — whether online via the ISEA website or ISEA Intranet or offline via traditional, hard copy forms (such as your name, postal address, telephone number, e-mail address, social security number, etc.).
     
  2. Other Personal Information that you voluntarily provide to us via the ISEA website or ISEA Intranet (such as an e-mail address if you subscribe to an ISEA-produced electronic newsletter or other personal information contained in an e-mail that you send to us via the feedback feature of the ISEA website).
     
  3. Personal Information that we receive from our state and local affiliates or other ISEA-related organizations (such as your name, postal address, telephone number, e-mail address, social security number, etc.).
     
  4. Personal Information that we receive from third parties (such as insurance claim information in connection with the ISEA Educators Employment Liability Program and publicly available voter registration information).

IV. How We Use That Information

The personal information that ISEA collects about you helps us and our state and local affiliates and ISEA-related organizations to efficiently and effectively represent you and provide you with valuable member benefits.

V. Information Sharing

In order to provide you with efficient and effective representation and member benefits, we routinely share all of the personal information that we collect about you, as described in Section III above, with our state and local affiliates and ISEA-related organizations, as well as third parties that perform services on our behalf.

Additionally, we may share any of the personal information that we collect about you, as described in Section III above, with certain third parties that share our interests or as otherwise permitted by law.

VI. Available Choices

Any personal information that you provide to us is voluntary. ISEA members may update their personal information at any time. For information on how to contact us, please visit the ISEA website at: www.ISEA.org/about/contact-us.html.

If you subscribe to any ISEA-produced electronic newsletter, you may cancel your subscription at any time by following the instructions at the bottom of all such newsletters. If you have any problems canceling such a subscription, please contact us at www-registration@list.NEA.org.

VII. Your California Privacy Rights

California residents have a right under state law to ask entities with whom they have an established business relationship to provide certain information regarding the sharing of personal information for direct marketing purposes during the past year. ISEA will honor such a request coming from any current or former ISEA member or other person who has provided personal information to us in connection with obtaining an ISEA product or service — whether residing in California or not. Simply submit a request to us at one of the following addresses: www-registration@list.NEA.org or ISEA Office of General Counsel, 1201 16th Street, N.W., Washington DC 20036, and we will respond within thirty days of receiving your request.

VIII. Information Security

We maintain administrative, technical, and physical safeguards designed to: (1) insure the security and confidentiality of your personal information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information. For more information on our information security, contact ISEA at www-registration@list.NEA.org  to request a copy of the ISEA Information Security Program.

IX. Additional Information for Users of the ISEA Web Site or ISEA Intranet

  1. Collection and Use of Non-Personal Information
    If you use the ISEA website or the ISEA Intranet, you provide us with certain non-personal information in addition to any personal information that you may voluntarily provide. For example, if you browse the ISEA website or ISEA Intranet or download information, our operating system automatically records the following non-personal information:

    1. The Internet domain for your Internet service (such as "xcompany.com" or "xcompany.net" if you use a private Internet access account, or "yourcollege.edu" if you connect from a college or university domain);
       
    2. The type of browser that you use (such as "America Online version 7" or "Microsoft Internet Explorer 5");
       
    3. The type of operating system that you use (such as Windows or Macintosh);
       
    4. The date and time that you visit the ISEA website or ISEA Intranet and the webpages that you view;
       
    5. The address of the previous website that you visited if you linked to us from another website; and
       
    6. The address of the next website that you visit if you link to it from the ISEA website or ISEA Intranet.
       
    We use the above non-personal information to diagnose technical problems and track user interests so that we can provide content that interests you.

    We gather this non-personal information in the aggregate and we share it in the same manner that we share personal information, as described in Section V above.
     
  2. Cookies
    We use cookies to track what you are viewing when you visit the ISEA website and ISEA Intranet, and to enhance your user experience. In order to provide you with customized content and an enhanced user experience, certain cookies used by ISEA identify you as an individual. If you are concerned about ISEA's use of cookies, check your Internet browser. Most have a setting that will allow you to reject cookies. However, some ISEA features and services may not function properly if your cookies are disabled.

    Additionally, ISEA allows third parties who advertise or provide content on the ISEA website or ISEA Intranet to use cookies. Third parties' use of cookies is subject to their own privacy policies, and is not governed by this Privacy Policy.
     
  3. Discussion Forums
    If you participate in a discussion forum on the ISEA website or ISEA Intranet, your comments, along with any personal information that you voluntarily disclose, may be collected, used, and shared by anyone with access to that forum. We are not responsible for the personal information that you choose to submit in a discussion forum.
     
  4. Children
    The ISEA website and ISEA Intranet are general websites, and we do not knowingly collect any personal information from children under the age of 13.
     
  5. External Links
    This Privacy Policy applies only to the ISEA website and ISEA Intranet. It does not cover any websites that are linked to or from the ISEA website or ISEA Intranet for which we are not responsible ("linked-sites"). These linked-sites will have their own policies and practices which may be different from ours. We encourage you to familiarize yourself with the policies and practices of the linked-sites especially if you provide personal information to them.

X. Effective Date, Amendments, and Consent to This Privacy Policy

This Privacy Policy is effective April 3, 2007. We retain the right to amend or otherwise update this Privacy Policy at any time for any reason. By joining ISEA or using the ISEA website or ISEA Intranet, you consent to the collection, use, and sharing of personal information as we have described herein. If we amend or update our Privacy Policy, we will post the changes online at the ISEA website and ISEA Intranet so that you are always aware of ISEA's current practices. You may also contact us at www-registration@list.NEA.org  at any time to request an up-to-date hard copy version of the Privacy Policy.

XI. Contact Us

If you have any questions regarding this Privacy Policy, you can contact ISEA at www-registration@list.NEA.org.

 

ISEA Information Security Program

I. Introduction

The National Education Association ("ISEA") values the trust and privacy of its members and other supporters and, as a result, strives to ensure that appropriate safeguards are implemented to protect the security and confidentiality of any personal information collected. This Information Security Program ("IS Program") sets forth ISEA's administrative, technical, and physical safeguards designed to: (1) insure the security and confidentiality of any personal information collected; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information.

II. Definitions

As used in this IS Program, the following terms have the meanings indicated below:

  1. The term "personal information" or "PI" means any piece of information that on its own can specifically identify a current or former ISEA member or other person who has provided personal information to ISEA in connection with obtaining an ISEA product or service. This would include, but is not limited to, a member's full name, postal address, e-mail address, social security number, or financial information.
     
  2. The term "Information Security Program Coordinator" or "ISP Coordinator" means the person who is responsible for effectively implementing the IS Program.
     
  3. The term "Information Security Program Committee" or "ISP Committee" means the committee that is responsible for assisting the ISP Coordinator in his or her responsibilities. The ISP Committee consists of ISEA Staff from the following ISEA Departments: ISEA Enterprise Technology Services, ISEA Financial and Membership Services, ISEA Office of the Chief Financial Officer, and ISEA Office of General Counsel.
     
  4. The term "Department Directors" means the directors of ISEA Departments, and the individuals who perform counterpart functions in ISEA administrative units that are not classified as ISEA Departments.
     
  5. The term "ISEA website" means ISEA's external website located at: ISEA.org and any future websites that we may develop.
     
  6. The term "ISEA Intranet" means ISEA's internal, private, and secured website for local leaders and staff.
     
  7. The term "Membership system" means the ISEA Individuals and Affiliates database that contains the PI of former and current ISEA members.
     
  8. The term "third party" means a legal entity that is separate and independent from ISEA, its state and local affiliates, or any ISEA-related organization.
     
  9. The term "ISEA-related organizations" means ISEA's Member Benefits Corporation, ISEA Member Insurance Trust, ISEA Foundation, ISEA Health Information Network, and any other entity created by ISEA.
     
  10. The term "strong passwords" means a sufficiently complex combination of miscellaneous characters that authenticates the identity of a user.

III. Program Elements

  1. Designation and Responsibilities of the Information Security Program Coordinator and Information Security Program Committee
     

The Information Security Program Coordinator ("ISP Coordinator") is responsible for assuring that this IS Program is effectively implemented. The ISP Coordinator is Thang Nguyen, who may be contacted at one of the following addresses: ISEA Office of the Chief Financial Officer, 1201 16th Street, NW, Washington, DC 20036 or tnguyen@NEA.org . Any questions regarding the implementation of this IS Program should be directed to the ISP Coordinator.
 

    1. The Information Security Program Committee ("ISP Committee") is responsible for assisting the ISP Coordinator in his or her responsibilities. The ISP Committee shall consist of ISEA staff from the following Departments:
       
      1. ISEA Enterprise Technology Services
         
      2. ISEA Financial and Membership Services
         
      3. ISEA Office of the Chief Financial Officer
         
      4. ISEA Office of the General Counsel
         
    2. The ISP Coordinator shall convene meetings of the ISP Committee as appropriate and necessary.
       
    3. The ISP Coordinator, in consultation with the ISP Committee, shall be responsible for the following:
       
      1. Coordinating with the Department Directors to identify and assess risks to PI in each relevant area of ISEA's operation — including employee training and management, information systems, and detecting and managing system failures;
         
      2. Coordinating with the Department Directors on the effectiveness of the safeguards set forth in this IS Program and the design, implementation, and monitoring of any additional safeguards that are necessary to control any future identified risks to PI; and,
         
      3. Conducting periodic evaluations of and adjustments to this IS Program.
         
  1. Risk Identification and Assessment
    ISEA shall, on a periodic basis, identify and assess external and internal risks to the security, confidentiality, and integrity of the PI that it collects and uses. The ISP Coordinator, in consultation with the ISP Committee, shall coordinate with the Department Directors to identify and assess such risks in each relevant area of ISEA's operation, including employee training and management, information systems, and detecting and managing system.
     
  2. Design, Implementation, and Monitoring of Safeguards
     
    1. To avoid reasonably foreseeable external and internal risks to the security, confidentiality, and integrity of PI, ISEA has in place the following safeguards:
       
      1. Employee Training and Management
         
        1. ISEA uses appropriate screening before hiring ISEA staff who will have access to PI.
           
        2. ISEA limits access to PI to ISEA staff who have a legitimate business reason to see it.
           
        3. ISEA prohibits ISEA staff from sharing user ID and passwords.
           
        4. ISEA takes appropriate steps to prevent former ISEA staff from accessing PI by deactivating their passwords and user names.
           
      2. Information Systems
         
        1. ISEA employs a combination of electronic badges and intelligent keys to secure access to ISEA offices.
           
        2. ISEA restricts access to databases containing PI to authorized users at ISEA and its state and local affiliates, and those users have access only to the PI relevant to their assignments.
           
        3. ISEA shall take appropriate steps to ensure that electronic files containing PI are securely sent to and from ISEA.
           
        4. ISEA provides users of the ISEA website or ISEA Intranet with a secure connection to transmit all PI, including social security numbers.
           
        5. ISEA provides users of the Membership system at ISEA and its state and local affiliates a secure connection for Internet access to that system.
           
        6. ISEA shall not require users of the ISEA website or ISEA Intranet to log on using a social security number.
           
        7. ISEA shall not print member social security numbers on any identification cards or badges; nor shall member social security numbers appear on any documents mailed to members.
           
        8. ISEA shall take appropriate steps to destroy documents containing PI in a secure way, such as shredding, erasing, or otherwise modifying the PI in those documents to make it unreadable or undecipherable, in accordance with the ISEA Document Retention Policy.
           
      3. Detecting and Managing Systems
        ISEA shall take appropriate steps to secure its networks, including use of firewalls, virus protection, virtual private networks, intrusion detection systems, and ID and password verifications.
         
    2. In addition to the above outlined safeguards, ISEA plans to implement the following safeguards by the end of fiscal year 2006-07:
       
      1. Employee Training and Management
         
        1. ISEA shall increase ISEA staff awareness regarding security and privacy of PI by disseminating the ISEA Privacy Policy and ISEA Information Security Program and other appropriate materials on this issue.
           
        2. ISEA shall implement a policy for ISEA staff on confidentiality and security standards for handling PI.
           
        3. ISEA shall use password-activated screen-savers to lock ISEA staff computers after a period of inactivity.
           
      2. Information Systems
         
        1. ISEA shall encrypt member social security numbers in all databases.
           
        2. ISEA shall research the feasibility of encrypting all PI in portable and mobile devices.
           
        3. ISEA shall implement a strong password policy.
           
        4. ISEA shall give users of the Membership system at ISEA and its state and local affiliates the option of suppressing the display of social security numbers on user computer screens and in reports.
           
      3. Detecting and Managing Systems
        ISEA shall develop a security breach response protocol, including a sample notification letter, in the event of a potential security breach. In the interim, ISEA Staff shall notify their Department Directors or the ISP Coordinator if a security breach occurs.
         
    3. The ISP Coordinator, in consultation with the ISP Committee, shall coordinate with the Department Directors on the effectiveness of the safeguards set forth in this IS Program and the design, implementation, and monitoring of any additional safeguards that are necessary to control any future identified risks to PI.
       
  3. Oversight of Third Parties
    ISEA requires that the ISEA Executive Director approve all requests to share PI with a third party. To the extent that the ISEA Executive Director approves such a request, ISEA requires that all third parties receiving PI must sign a confidentiality agreement and must be capable of maintaining appropriate safeguards for all PI received from ISEA.
     
  4. Periodic Evaluation and Adjustment of Program
    The ISP Coordinator, in consultation with the ISP Committee, is responsible for periodically evaluating and adjusting the IS Program based on the risk identification and assessment activities undertaken pursuant to Section III(B) of this IS Program.

IV. Effective Date and Amendments to the Program

This IS Program is effective April 3, 2007. ISEA retains the right to amend or otherwise update this IS Program at any time for any reason.


Embed This Page (x)

Select and copy this code to your clipboard